
help with search engine redirect virus/rootkit


This topic is locked
13 replies to this topic

#1 kart


Posted 07 January 2013 - 01:15 AM

Hello,


My journey began here with the help of Broni.

We ran a number of programs he requested, and he now believes I am infected with the ZeroAccess rootkit and that it requires elevated help.

My problem at present is that any time I run a search on Google/Yahoo/Bing or any other search engine using Firefox or IE, I am provided appropriate results; however, when I click the results I am redirected to a variety of webpages including the following: scour.com, newsbusters.org, 5884.mnstr2.com, livesearchnow.com, and 63.209.69.107.

I am presently running full antivirus/rootkit scans using ESET online scanner and Avast! antivirus; they are still running with results pending. So far ESET has found one threat called "a variant of win32/kryptik.AQUX trojan".


I did a google search of this problem on my other computer and have tried the following programs with failed results:
TDSSKiller
FixTDSS
Malwarebytes anti-rootkit beta
Malwarebytes antivirus (it did not find anything)
GooRedFix
RogueKiller


The problem started when I had downloaded a program I thought was going to help me with budget analysis in excel, however it turned out to be the virus. I still have the program saved in a zip file if that would be helpful in solving my problem.

I am currently running on a PC with Windows 7 (64bit). I would appreciate any help fixing this problem.


Thank you, your help is greatly appreciated,

Kart



#2 fireman4it (Malware Response Team)

Posted 07 January 2013 - 11:56 AM

Hello kart,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Do you have a USB Flash Drive you can use?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 kart (Topic Starter)

Posted 07 January 2013 - 12:00 PM

Thank you fireman4it! I do have a flashdrive, and starting now I will refrain from making any changes to my computer.

#4 kart (Topic Starter)

Posted 07 January 2013 - 12:06 PM

I should note that I ran an ESET NOD32 antivirus scan previously that found the following:

C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trz821A.tmp Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trz9B74.tmp Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trzA6EA.tmp Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trzA6FB.tmp Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trzA70B.tmp Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\08.06.2012_17.36.03\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdidjdddidbdadadedjdedegdgbdj\background.html Win32/BHO.OEI trojan
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdidjdddidbdadadedjdedegdgbdj\ContentScript.js Win32/BHO.OEI trojan
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Default\aangepjmoapeapnggckgdhmfngjcbbpb\background.html Win32/BHO.OEI trojan
C:\Users\Home\AppData\Local\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\3c1e174e-17eef313 a variant of Java/Exploit.CVE-2012-1723.CF trojan
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\0nbvpi4b.default\extensions\xyrrtnyclg@xyrrtnyclg.org.xpi JS/Redirector.NBX trojan
C:\Users\Home\Downloads\now_tool_.zip a variant of Win32/Kryptik.AQUX trojan
C:\Windows\Temp\_avast_\unp154562254.tmp Android/Exploit.Lotoor.AN trojan
C:\Windows\Temp\_avast_\unp154571832.tmp a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\Temp\_avast_\unp154617219.tmp Android/Exploit.Lotoor.AK trojan
C:\Windows\Temp\_avast_\unp154945770.tmp a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\Temp\_avast_\unp155120005.tmp a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\Temp\_avast_\unp27036481.tmp Java/Exploit.CVE-2012-4681.K trojan
C:\Windows\Temp\_avast_\unp32784645.tmp Android/Exploit.Lotoor.AK trojan
C:\Windows\Temp\_avast_\unp8006318.tmp Android/Exploit.Lotoor.AN trojan


The item that is bolded is the virus that caused this entire mess I am in now. It's the file I mentioned in the first post. I can delete it; I just don't know if I should, or if it would be of value in figuring out what it did to my computer.

#5 fireman4it (Malware Response Team)

Posted 07 January 2013 - 12:07 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#6 kart (Topic Starter)

Posted 07 January 2013 - 12:29 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 07-01-2013 12:19:08
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4090824 2012-11-16] (ESET)
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [346320 2009-08-04] (DeviceVM, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [CMCService] "C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe" [172032 2007-08-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [346 2013-01-07] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run [167936 2010-06-26] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2903448 2011-06-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-01-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [336952 2012-04-18] (Power Software Ltd)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray [979816 2012-12-21] ()
HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1434984 2012-12-20] (Anvisoft)
HKU\Home\...\Run: [Google Update] "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-27] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\Home\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Home\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Services (Whitelisted) ===================

2 ADBlockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [279368 2012-11-13] ()
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [735592 2012-12-20] (Anvisoft)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [110944 2011-11-22] (BlueStack Systems, Inc.)
2 CLCapSvc; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe" [262239 2007-08-02] ()
2 CLSched; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe" [110685 2007-08-02] ()
2 CyberLink Media Library Service; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe" [1073152 2007-08-02] (Cyberlink)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913184 2012-11-16] (ESET)
2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()
2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
3 jswpsapi; C:\Program Files (x86)\Belkin\F5D7000v8\jswpsapi.exe [352338 2007-10-29] (Atheros Communications, Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)
2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [x]

==================== Drivers (Whitelisted) =====================

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21544 2010-04-06] ()
1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [19280 2012-09-07] ()
1 asdrm; C:\Windows\System32\Drivers\asdrm.sys [18768 2012-11-06] (Anvisoft)
2 asdrs; C:\Windows\System32\Drivers\asdrs.sys [23376 2012-11-06] (Anvisoft)
2 asdws; C:\Windows\System32\Drivers\asdws.sys [17232 2012-11-06] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1228160 2007-08-21] (ATI Technologies Inc.)
2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70496 2011-11-22] (BlueStack Systems)
1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209808 2012-11-16] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-28] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-28] (ESET)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-07 12:18 - 2013-01-07 12:18 - 00000000 ____D C:\FRST
2013-01-07 09:08 - 2013-01-07 09:08 - 01464235 ____A (Farbar) C:\Users\Home\Downloads\FRST64.exe
2013-01-07 04:47 - 2013-01-07 04:47 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
2013-01-06 23:40 - 2013-01-06 23:40 - 04009167 ____A C:\Users\Home\Desktop\ServicesRepair.exe
2013-01-06 23:40 - 2013-01-06 23:40 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-01-06 23:17 - 2013-01-06 23:18 - 68796416 ____A C:\Users\Home\Downloads\eav_nt64_enu.msi
2013-01-06 22:55 - 2013-01-06 23:01 - 00002247 ____A C:\Users\Home\Desktop\ESET finding.txt
2013-01-06 22:54 - 2013-01-06 22:54 - 00000000 ____D C:\Users\All Users\ESET
2013-01-06 22:54 - 2013-01-06 22:54 - 00000000 ____D C:\Program Files\ESET
2013-01-06 22:48 - 2013-01-06 22:48 - 01378744 ____A (ESET) C:\Users\Home\Downloads\eset_nod32_antivirus_live_installer.exe
2013-01-06 22:45 - 2013-01-06 22:45 - 00003056 ____A C:\Users\Home\Desktop\ESET findings.txt
2013-01-06 22:00 - 2013-01-06 22:00 - 00011857 ____A C:\Users\Home\Desktop\attach.txt
2013-01-06 22:00 - 2013-01-06 21:59 - 00025199 ____A C:\Users\Home\Desktop\dds.txt
2013-01-06 21:47 - 2013-01-06 21:47 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com
2013-01-06 20:25 - 2013-01-06 20:26 - 13485902 ____A C:\Users\Home\Downloads\mbar-1.01.0.1011.zip
2013-01-06 18:58 - 2013-01-06 18:59 - 102315992 ____A C:\Users\Home\Downloads\avast_free_antivirus_setup(1).exe
2013-01-06 14:14 - 2013-01-06 14:15 - 00031712 ____A C:\Users\Home\Downloads\Result.txt
2013-01-06 14:13 - 2013-01-06 14:13 - 00005201 ____A C:\Users\Home\Downloads\FSS.txt
2013-01-06 14:11 - 2013-01-06 14:13 - 00350233 ____A (Farbar) C:\Users\Home\Downloads\FSS.exe
2013-01-06 14:08 - 2013-01-06 14:08 - 00856731 ____A C:\Users\Home\Downloads\SecurityCheck(1).exe
2013-01-06 12:02 - 2013-01-06 12:02 - 00212509 ____A C:\Users\Home\Downloads\rmparite.dos
2013-01-06 12:01 - 2013-01-06 12:02 - 00344064 ____A C:\Users\Home\Downloads\rmparite.nt
2013-01-06 12:01 - 2013-01-06 12:01 - 02774272 ____A C:\Users\Home\Downloads\rmparite.exe
2013-01-06 11:33 - 2013-01-06 11:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\Anvisoft
2013-01-06 11:32 - 2013-01-06 11:32 - 00001504 ____A C:\Users\Public\Desktop\Anvi AD Blocker.lnk
2013-01-06 11:32 - 2013-01-06 11:32 - 00001188 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-01-06 11:32 - 2013-01-06 11:32 - 00000000 ____D C:\Users\All Users\Anvisoft
2013-01-06 11:32 - 2013-01-06 11:32 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-01-06 11:32 - 2012-11-06 23:16 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2013-01-06 11:32 - 2012-11-06 23:16 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2013-01-06 11:32 - 2012-11-06 23:16 - 00017232 ____A C:\Windows\System32\Drivers\asdws.sys
2013-01-06 11:31 - 2013-01-06 11:31 - 00981504 ____A C:\Users\Home\Downloads\MicrosoftFixit50778.msi
2013-01-06 11:24 - 2013-01-06 11:25 - 00071398 ____A (jpshortstuff) C:\Users\Home\Downloads\GooredFix(1).exe
2013-01-06 11:23 - 2013-01-06 11:26 - 00002280 ____A C:\Users\Home\Desktop\GooredFix.txt
2013-01-06 11:23 - 2013-01-06 11:26 - 00000000 ____D C:\Users\Home\Desktop\GooredFix Backups
2013-01-06 11:16 - 2013-01-06 11:16 - 29016792 ____A C:\Users\Home\Downloads\asdsetup.exe
2013-01-06 11:08 - 2013-01-06 11:08 - 00071398 ____A (jpshortstuff) C:\Users\Home\Downloads\GooredFix.exe
2013-01-06 10:58 - 2013-01-06 10:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-06 10:52 - 2013-01-06 10:52 - 00000000 ____D C:\JRT
2013-01-06 08:37 - 2013-01-06 08:37 - 00000000 ____D C:\Program Files\CCleaner
2013-01-05 21:48 - 2013-01-05 21:53 - 00000000 ____D C:\Users\Home\Desktop\RK_Quarantine
2013-01-05 21:40 - 2013-01-05 21:42 - 00761856 ____A C:\Users\Home\Downloads\RogueKiller.exe
2013-01-05 21:33 - 2013-01-05 21:34 - 00498427 ____A (Oleg N. Scherbakov) C:\Users\Home\Downloads\JRT.exe
2013-01-05 21:25 - 2013-01-05 21:25 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-01-05 21:24 - 2013-01-05 21:26 - 01805736 ____A (Symantec Corporation) C:\Users\Home\Downloads\FixZeroAccess.exe
2013-01-05 20:54 - 2013-01-05 20:54 - 00000000 ____A C:\autoexec.bat
2013-01-05 20:50 - 2013-01-05 20:50 - 00016357 ____A C:\AdwCleaner[S2].txt
2013-01-05 20:49 - 2013-01-05 20:54 - 00000000 ____D C:\sh4ldr
2013-01-05 20:49 - 2013-01-05 20:49 - 00002256 ____A C:\Users\Home\Desktop\SpyHunter.lnk
2013-01-05 20:49 - 2013-01-05 20:49 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-05 20:49 - 2013-01-05 20:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-01-05 20:46 - 2013-01-05 20:46 - 00015932 ____A C:\AdwCleaner[R1].txt
2013-01-05 20:44 - 2013-01-05 20:47 - 04732416 ____A (AVAST Software) C:\Users\Home\Downloads\aswMBR(1).exe
2013-01-05 20:41 - 2013-01-05 20:43 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer.exe
2013-01-05 20:35 - 2013-01-05 20:36 - 00856731 ____A C:\Users\Home\Downloads\SecurityCheck.exe
2013-01-05 20:25 - 2013-01-05 20:25 - 02195061 ____A C:\Users\Home\Downloads\tdsskiller(1).zip
2013-01-05 20:25 - 2012-10-31 18:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Home\Downloads\TDSSKiller.exe
2013-01-05 20:10 - 2013-01-05 20:27 - 00000000 ____D C:\Users\Home\Desktop\mbar
2013-01-05 20:09 - 2013-01-05 20:09 - 13485902 ____A C:\Users\Home\Desktop\mbar-1.01.0.1011.zip
2013-01-05 19:54 - 2013-01-05 21:18 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\SysWOW64\Drivers\TrufosAlt.sys
2013-01-05 19:03 - 2013-01-05 19:03 - 00143360 _RASH C:\Windows\SysWOW64\usbceipb.dll
2012-12-28 21:29 - 2012-12-28 21:30 - 00998128 ____A (Solid State Networks) C:\Users\Home\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-12-24 13:31 - 2012-12-24 13:55 - 410844304 ____A C:\Users\Home\Downloads\MikTouch-0.7-signed.zip
2012-12-24 13:21 - 2012-12-24 13:21 - 00084964 ____A C:\Users\Home\Downloads\google(2).csv
2012-12-24 12:48 - 2012-12-24 12:48 - 00000256 ____A C:\Users\Home\Downloads\Unlock_code.bin
2012-12-23 11:32 - 2012-12-23 11:32 - 20390447 ____A C:\Users\Home\Downloads\MyTouch_4G_Slide_All-In-One_Kit_V2.0.rar
2012-12-23 09:44 - 2013-01-06 14:06 - 10354816 ____A C:\Users\Home\Desktop\SuperOneClickv2.3.3-ShortFuse.zip
2012-12-23 09:29 - 2012-12-23 09:29 - 00001441 ____A C:\Users\Home\Desktop\ddms - Shortcut.lnk
2012-12-22 14:15 - 2012-12-22 15:21 - 00000000 ____D C:\Users\Home\Desktop\SNPhA Resolutions
2012-12-18 17:14 - 2013-01-07 04:35 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Home.job
2012-12-18 17:13 - 2013-01-07 08:24 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Home.job
2012-12-18 17:13 - 2013-01-05 12:21 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Home.job
2012-12-09 18:39 - 2012-12-18 18:05 - 00000000 ____D C:\Users\Home\Desktop\FDA

==================== One Month Modified Files and Folders =======

2013-01-07 12:18 - 2013-01-07 12:18 - 00000000 ____D C:\FRST
2013-01-07 09:14 - 2010-08-21 18:27 - 00000236 ____A C:\service.log
2013-01-07 09:14 - 2010-08-17 15:14 - 01440334 ____A C:\Windows\WindowsUpdate.log
2013-01-07 09:14 - 2009-07-13 21:13 - 00730532 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-07 09:11 - 2010-10-27 09:00 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2278199951-1427957285-2290571376-1000UA.job
2013-01-07 09:08 - 2013-01-07 09:08 - 01464235 ____A (Farbar) C:\Users\Home\Downloads\FRST64.exe
2013-01-07 09:08 - 2011-02-28 19:33 - 00000000 ____D C:\Users\Home\AppData\Local\FLVService
2013-01-07 08:38 - 2010-10-27 09:00 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2278199951-1427957285-2290571376-1000Core.job
2013-01-07 08:31 - 2010-08-28 16:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2013-01-07 08:24 - 2012-12-18 17:13 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Home.job
2013-01-07 08:24 - 2010-10-27 08:52 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-01-07 04:47 - 2013-01-07 04:47 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
2013-01-07 04:44 - 2009-07-13 20:45 - 00013664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-07 04:44 - 2009-07-13 20:45 - 00013664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-07 04:37 - 2010-08-30 13:20 - 00000000 ___RD C:\Users\Home\Documents\My Dropbox
2013-01-07 04:37 - 2010-08-30 13:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox
2013-01-07 04:35 - 2012-12-18 17:14 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Home.job
2013-01-07 04:35 - 2010-09-09 17:18 - 00098224 ____A C:\Windows\PFRO.log
2013-01-07 04:35 - 2010-08-21 18:41 - 00025640 ____A (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-01-07 04:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-07 04:35 - 2009-07-13 20:51 - 00048273 ____A C:\Windows\setupact.log
2013-01-06 23:40 - 2013-01-06 23:40 - 04009167 ____A C:\Users\Home\Desktop\ServicesRepair.exe
2013-01-06 23:40 - 2013-01-06 23:40 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-01-06 23:18 - 2013-01-06 23:17 - 68796416 ____A C:\Users\Home\Downloads\eav_nt64_enu.msi
2013-01-06 23:01 - 2013-01-06 22:55 - 00002247 ____A C:\Users\Home\Desktop\ESET finding.txt
2013-01-06 22:54 - 2013-01-06 22:54 - 00000000 ____D C:\Users\All Users\ESET
2013-01-06 22:54 - 2013-01-06 22:54 - 00000000 ____D C:\Program Files\ESET
2013-01-06 22:48 - 2013-01-06 22:48 - 01378744 ____A (ESET) C:\Users\Home\Downloads\eset_nod32_antivirus_live_installer.exe
2013-01-06 22:45 - 2013-01-06 22:45 - 00003056 ____A C:\Users\Home\Desktop\ESET findings.txt
2013-01-06 22:00 - 2013-01-06 22:00 - 00011857 ____A C:\Users\Home\Desktop\attach.txt
2013-01-06 21:59 - 2013-01-06 22:00 - 00025199 ____A C:\Users\Home\Desktop\dds.txt
2013-01-06 21:47 - 2013-01-06 21:47 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com
2013-01-06 21:08 - 2012-06-04 17:57 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-01-06 20:26 - 2013-01-06 20:25 - 13485902 ____A C:\Users\Home\Downloads\mbar-1.01.0.1011.zip
2013-01-06 18:59 - 2013-01-06 18:58 - 102315992 ____A C:\Users\Home\Downloads\avast_free_antivirus_setup(1).exe
2013-01-06 14:15 - 2013-01-06 14:14 - 00031712 ____A C:\Users\Home\Downloads\Result.txt
2013-01-06 14:13 - 2013-01-06 14:13 - 00005201 ____A C:\Users\Home\Downloads\FSS.txt
2013-01-06 14:13 - 2013-01-06 14:11 - 00350233 ____A (Farbar) C:\Users\Home\Downloads\FSS.exe
2013-01-06 14:08 - 2013-01-06 14:08 - 00856731 ____A C:\Users\Home\Downloads\SecurityCheck(1).exe
2013-01-06 14:06 - 2012-12-23 09:44 - 10354816 ____A C:\Users\Home\Desktop\SuperOneClickv2.3.3-ShortFuse.zip
2013-01-06 12:02 - 2013-01-06 12:02 - 00212509 ____A C:\Users\Home\Downloads\rmparite.dos
2013-01-06 12:02 - 2013-01-06 12:01 - 00344064 ____A C:\Users\Home\Downloads\rmparite.nt
2013-01-06 12:01 - 2013-01-06 12:01 - 02774272 ____A C:\Users\Home\Downloads\rmparite.exe
2013-01-06 11:33 - 2013-01-06 11:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\Anvisoft
2013-01-06 11:32 - 2013-01-06 11:32 - 00001504 ____A C:\Users\Public\Desktop\Anvi AD Blocker.lnk
2013-01-06 11:32 - 2013-01-06 11:32 - 00001188 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-01-06 11:32 - 2013-01-06 11:32 - 00000000 ____D C:\Users\All Users\Anvisoft
2013-01-06 11:32 - 2013-01-06 11:32 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-01-06 11:31 - 2013-01-06 11:31 - 00981504 ____A C:\Users\Home\Downloads\MicrosoftFixit50778.msi
2013-01-06 11:26 - 2013-01-06 11:23 - 00002280 ____A C:\Users\Home\Desktop\GooredFix.txt
2013-01-06 11:26 - 2013-01-06 11:23 - 00000000 ____D C:\Users\Home\Desktop\GooredFix Backups
2013-01-06 11:25 - 2013-01-06 11:24 - 00071398 ____A (jpshortstuff) C:\Users\Home\Downloads\GooredFix(1).exe
2013-01-06 11:16 - 2013-01-06 11:16 - 29016792 ____A C:\Users\Home\Downloads\asdsetup.exe
2013-01-06 11:08 - 2013-01-06 11:08 - 00071398 ____A (jpshortstuff) C:\Users\Home\Downloads\GooredFix.exe
2013-01-06 10:58 - 2013-01-06 10:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-06 10:52 - 2013-01-06 10:52 - 00000000 ____D C:\JRT
2013-01-06 08:37 - 2013-01-06 08:37 - 00000000 ____D C:\Program Files\CCleaner
2013-01-06 08:35 - 2012-06-08 13:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-01-05 21:53 - 2013-01-05 21:48 - 00000000 ____D C:\Users\Home\Desktop\RK_Quarantine
2013-01-05 21:42 - 2013-01-05 21:40 - 00761856 ____A C:\Users\Home\Downloads\RogueKiller.exe
2013-01-05 21:34 - 2013-01-05 21:33 - 00498427 ____A (Oleg N. Scherbakov) C:\Users\Home\Downloads\JRT.exe
2013-01-05 21:26 - 2013-01-05 21:24 - 01805736 ____A (Symantec Corporation) C:\Users\Home\Downloads\FixZeroAccess.exe
2013-01-05 21:25 - 2013-01-05 21:25 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-01-05 21:18 - 2013-01-05 19:54 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\SysWOW64\Drivers\TrufosAlt.sys
2013-01-05 20:54 - 2013-01-05 20:54 - 00000000 ____A C:\autoexec.bat
2013-01-05 20:54 - 2013-01-05 20:49 - 00000000 ____D C:\sh4ldr
2013-01-05 20:50 - 2013-01-05 20:50 - 00016357 ____A C:\AdwCleaner[S2].txt
2013-01-05 20:49 - 2013-01-05 20:49 - 00002256 ____A C:\Users\Home\Desktop\SpyHunter.lnk
2013-01-05 20:49 - 2013-01-05 20:49 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-05 20:49 - 2013-01-05 20:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-01-05 20:47 - 2013-01-05 20:44 - 04732416 ____A (AVAST Software) C:\Users\Home\Downloads\aswMBR(1).exe
2013-01-05 20:46 - 2013-01-05 20:46 - 00015932 ____A C:\AdwCleaner[R1].txt
2013-01-05 20:43 - 2013-01-05 20:41 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer.exe
2013-01-05 20:36 - 2013-01-05 20:35 - 00856731 ____A C:\Users\Home\Downloads\SecurityCheck.exe
2013-01-05 20:28 - 2012-01-11 11:17 - 00000000 __SHD C:\Users\Home\AppData\Local\{69e6b33b-07d0-3c86-0218-29100579e152}
2013-01-05 20:27 - 2013-01-05 20:10 - 00000000 ____D C:\Users\Home\Desktop\mbar
2013-01-05 20:25 - 2013-01-05 20:25 - 02195061 ____A C:\Users\Home\Downloads\tdsskiller(1).zip
2013-01-05 20:09 - 2013-01-05 20:09 - 13485902 ____A C:\Users\Home\Desktop\mbar-1.01.0.1011.zip
2013-01-05 20:03 - 2012-05-01 19:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-05 19:58 - 2012-05-01 19:52 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-05 19:03 - 2013-01-05 19:03 - 00143360 _RASH C:\Windows\SysWOW64\usbceipb.dll
2013-01-05 12:31 - 2010-08-30 13:20 - 00000976 ____A C:\Users\Home\Desktop\Dropbox.lnk
2013-01-05 12:21 - 2012-12-18 17:13 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Home.job
2013-01-04 18:19 - 2010-09-09 16:43 - 00000426 ____A C:\Windows\BRWMARK.INI
2013-01-04 17:52 - 2011-12-29 22:04 - 00000000 ____D C:\Users\Home\AppData\Roaming\TuneUpMedia
2012-12-28 21:30 - 2012-12-28 21:29 - 00998128 ____A (Solid State Networks) C:\Users\Home\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-12-27 16:07 - 2010-08-28 16:20 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-12-24 13:55 - 2012-12-24 13:31 - 410844304 ____A C:\Users\Home\Downloads\MikTouch-0.7-signed.zip
2012-12-24 13:21 - 2012-12-24 13:21 - 00084964 ____A C:\Users\Home\Downloads\google(2).csv
2012-12-24 12:48 - 2012-12-24 12:48 - 00000256 ____A C:\Users\Home\Downloads\Unlock_code.bin
2012-12-23 11:32 - 2012-12-23 11:32 - 20390447 ____A C:\Users\Home\Downloads\MyTouch_4G_Slide_All-In-One_Kit_V2.0.rar
2012-12-23 10:10 - 2011-12-27 14:45 - 00000000 ____D C:\Users\Home\.android
2012-12-23 09:29 - 2012-12-23 09:29 - 00001441 ____A C:\Users\Home\Desktop\ddms - Shortcut.lnk
2012-12-22 15:21 - 2012-12-22 14:15 - 00000000 ____D C:\Users\Home\Desktop\SNPhA Resolutions
2012-12-18 18:05 - 2012-12-09 18:39 - 00000000 ____D C:\Users\Home\Desktop\FDA
2012-12-17 08:00 - 2012-10-28 18:59 - 00000000 ____D C:\Users\Home\Desktop\Eli Lilly
2012-12-17 07:59 - 2012-11-25 21:38 - 00000000 ____D C:\Users\Home\Desktop\CDC
2012-12-14 13:49 - 2012-05-01 19:52 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-13 19:01 - 2012-05-11 06:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-13 19:01 - 2010-08-26 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-12 10:12 - 2011-04-10 13:56 - 00002444 ____A C:\Users\Home\Desktop\Google Chrome.lnk
2012-12-09 23:03 - 2012-11-20 08:26 - 00000210 ____A C:\Users\Home\Desktop\gifts 2012.txt
2012-12-09 23:02 - 2012-11-04 17:24 - 00000000 ____D C:\Users\Home\Desktop\taxes old
2012-12-09 21:11 - 2012-10-26 13:22 - 00000000 ____D C:\Users\Home\Desktop\P&G
2012-12-09 20:31 - 2012-10-26 14:53 - 00000000 ____D C:\Users\Home\Desktop\other ppls CVs


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3581.55 MB
Available physical RAM: 2971.73 MB
Total Pagefile: 3579.7 MB
Available Pagefile: 2956.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:97.56 GB) (Free:6.19 GB) NTFS
3 Drive e: () (Fixed) (Total:244.14 GB) (Free:112.06 GB) NTFS
4 Drive f: () (Fixed) (Total:589.71 GB) (Free:533.27 GB) NTFS
7 Drive i: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 964 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 97 GB 101 MB
Partition 3 Primary 244 GB 97 GB
Partition 4 Primary 589 GB 341 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 97 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 244 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F NTFS Partition 589 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 960 MB 3868 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 960 MB Healthy

=========================================================

Last Boot: 2013-01-04 12:38

==================== End Of Log =============================

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 January 2013 - 01:51 PM

Hello,

1.
Please run Eset again this time let it delete what it finds.

2.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on the adwCleaner.exe and select
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

3.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.



Things to include in your next reply:
Eset log
AdwCleaner log
yorkyt.exe log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#8 kart

kart
  • Topic Starter

  • Members
  • 12 posts

Posted 07 January 2013 - 05:08 PM

My machine appears to be running fine; it's a little slow booting up (it could be because I have 4 antivirus software programs running now). I did some test searches in Google on Firefox and IE and didn't have any redirect problems, so it appears to be solved.


The logs requested are below. I was unable to paste the ESET log, as it's nearly 26 MB, so I just pasted below what I thought were the relevant points; I can upload a zipped copy of the log if you let me know where to upload it:



------------------------------------------------

ESET LOG

------------------------------------------------


Scan Log
Version of virus signature database: 7868 (20130107)
Date: 1/7/2013 Time: 7:56:28 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;E:\Boot sector;C:\;D:\;E:\
Operating memory » C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe » ZIP » ui/images.pyc - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders)
Operating memory » C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe » ZIP » wxmsw28uh_vc.dll - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders)
Operating memory » C:\Program Files (x86)\MagicDisc\MagicDisc.exe » UPX v12_m5 - unpack error
Boot sector of disk C: - error opening [4]
Boot sector of disk D: - error opening [4]
Boot sector of disk E: - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]



C:\Users\Home\AppData\Local\Temp\V.class - probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan - cleaned by deleting - quarantined [1]
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\0nbvpi4b.default\extensions\xyrrtnyclg@xyrrtnyclg.org.xpi » ZIP » chrome/performance.jar - JS/Redirector.NBX trojan
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\0nbvpi4b.default\extensions\xyrrtnyclg@xyrrtnyclg.org.xpi » ZIP » chrome/performance.jar - JS/Redirector.NBX trojan - was a part of the deleted object
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\3c1e174e-17eef313 » ZIP » gradsnyrhrkmjrulrr/bjwwejhlcrkedh.class - a variant of Java/Exploit.CVE-2012-1723.CF trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\3c1e174e-17eef313 » ZIP » gradsnyrhrkmjrulrr/bjwwejhlcrkedh.class - a variant of Java/Exploit.CVE-2012-1723.CF trojan - was a part of the deleted object
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdidjdddidbdadadedjdedegdgbdj\background.html - Win32/BHO.OEI trojan - cleaned by deleting - quarantined [1]
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdidjdddidbdadadedjdedegdgbdj\ContentScript.js - Win32/BHO.OEI trojan - cleaned by deleting - quarantined [1]
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Default\aangepjmoapeapnggckgdhmfngjcbbpb\background.html - Win32/BHO.OEI trojan - cleaned by deleting - quarantined [1]



C:\Program Files (x86)\Adobe\Acrobat 10.0\Setup Files\{AC76BA86-1033-F400-7760-000000000005}\AcroPro.msi - error opening [4]

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.log - error opening [4]

C:\Program Files (x86)\Real\RealPlayer\Setup\vc9_runtime.msi - error opening [4]

C:\ProgramData\avg9\Temp\file9514.tmp - error opening [4]

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\22dce5621c3e001ed8bf2b281d7aba42_0bc4bf38-8a55-4f05-a3f7-2324a35fef94 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\983738b5949128246873242362a5c6d3_0bc4bf38-8a55-4f05-a3f7-2324a35fef94 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e92116b0fbe89555fe30ff3a9a6a3855_0bc4bf38-8a55-4f05-a3f7-2324a35fef94 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_0bc4bf38-8a55-4f05-a3f7-2324a35fef94 - error opening [4]


C:\ProgramData\Sling Media\SlingAgent\SlingAgentLog.txt - error opening [4]
C:\ProgramData\TaxCut\2009\cache\{23CF7711-5893-43AE-8CEC-840E3840F7F7}\HR Block Ohio 2009.msi - error opening [4]

C:\ProgramData\TaxCut\2010\cache\{16273C71-96DD-4A86-8294-728CAB03401B}\HR Block Ohio 2010.msi - error opening [4]


C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trz821A.tmp - Win32/Olmarik.AYI trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trz9B74.tmp - Win32/Olmarik.AWO trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trzA6EA.tmp - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trzA6FB.tmp - Win32/Olmarik.AFK trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\trzA70B.tmp - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\06.01.2013_11.31.26\tdlfs0000\tsk0001.dta - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]
C:\TDSSKiller_Quarantine\08.06.2012_17.36.03\mbr0000\tdlfs0000\tsk0001.dta - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]


C:\Users\All Users\avg9\Temp\file9514.tmp - error opening [4]

C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\22dce5621c3e001ed8bf2b281d7aba42_0bc4bf38-8a55-4f05-a3f7-2324a35fef94 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\983738b5949128246873242362a5c6d3_0bc4bf38-8a55-4f05-a3f7-2324a35fef94 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e92116b0fbe89555fe30ff3a9a6a3855_0bc4bf38-8a55-4f05-a3f7-2324a35fef94 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_0bc4bf38-8a55-4f05-a3f7-2324a35fef94 - error opening [4]


C:\Users\All Users\Sling Media\SlingAgent\SlingAgentLog.txt - error opening [4]
C:\Users\All Users\TaxCut\2009\cache\{23CF7711-5893-43AE-8CEC-840E3840F7F7}\HR Block Ohio 2009.msi - error opening [4]
C:\Users\All Users\TaxCut\2010\cache\{16273C71-96DD-4A86-8294-728CAB03401B}\HR Block Ohio 2010.msi - error opening [4]

C:\Users\Home\ntuser.dat - error opening [4]
C:\Users\Home\ntuser.dat.LOG1 - error opening [4]
C:\Users\Home\ntuser.dat.LOG2 - error opening [4]

C:\Users\Home\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\Home\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\Home\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]

C:\Users\Home\AppData\Local\Temp\WER-191896-0.sysdata.xml - error opening [4]

C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\0nbvpi4b.default\parent.lock - error opening [4]

C:\Users\Home\Downloads\Adobe Acrobat X (10.1) Pro\Adobe Acrobat X (10.1) Pro\SOFTWARE\AcroPro.msi - error opening [4]

C:\Windows\Installer\32970545.msi - error opening [4]
C:\Windows\Installer\341b9d78.msi - error opening [4]

C:\Windows\Installer\46f35970.msi - error opening [4]

C:\Windows\Installer\978b920.msi - error opening [4]

C:\Windows\Installer\e57d47f.msi - error opening [4]

C:\Windows\Logs\CBS\CBS.log - error opening [4]

C:\Windows\Logs\DPX\setupact.log - error opening [4]
C:\Windows\Logs\DPX\setuperr.log - error opening [4]
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]

C:\Windows\Panther\UnattendGC\diagerr.xml - error opening [4]
C:\Windows\Panther\UnattendGC\diagwrn.xml - error opening [4]
C:\Windows\Panther\UnattendGC\setupact.log - error opening [4]
C:\Windows\Panther\UnattendGC\setuperr.log - error opening [4]
C:\Windows\PLA\System\System Diagnostics.xml - error opening [4]
C:\Windows\PLA\System\System Performance.xml - error opening [4]
C:\Windows\security\database\secedit.sdb - error opening [4]

C:\Windows\System32\usbceipb.dll - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\SysWOW64\usbceipb.dll - error opening [4]
C:\Windows\Tasks\ReclaimerUpdateFiles_Home.job - error opening [4]
C:\Windows\Tasks\ReclaimerUpdateXML_Home.job - error opening [4]
C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Home.job - error opening [4]
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7600.16385_none_2d2382534fb0bdfa\dnary.xsd - error opening [4]
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7601.17514_none_2f54961b4c9f4194\dnary.xsd - error opening [4]

C:\Users\Home\Downloads\now_tool_.zip » ZIP » now_tool_.exe - a variant of Win32/Kryptik.AQUX trojan - was a part of the deleted object



Number of scanned objects: 641994
Number of threats found: 8
Number of cleaned objects: 8
Time of completion: 12:14:24 PM Total scanning time: 15476 sec (04:17:56)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.






------------------------------------------------

AdwCleaner LOG

------------------------------------------------


# AdwCleaner v2.104 - Logfile created 01/07/2013 at 16:11:45
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Home\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\0nbvpi4b.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.41] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Found [l.44] : keyword = "isearch.avg.com",
Found [l.47] : search_url = "hxxp://isearch.avg.com/search?cid={4F01D6EE-08BC-40A2-AB1A-885853BA675A}&mid=056736c802bb47d68b33bdb90f0cd325-0ad221afef7910549839a20444886f2c36e25fbb&lang=en&ds=st011&pr=sa&d=2012-05-13 18:33:15&v=11.0.0.9&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [15932 octets] - [05/01/2013 23:46:22]
AdwCleaner[R2].txt - [1223 octets] - [07/01/2013 16:11:45]
AdwCleaner[S2].txt - [16357 octets] - [05/01/2013 23:50:44]

########## EOF - C:\AdwCleaner[R2].txt - [1344 octets] ##########




------------------------------------------------
yorkyt LOG

------------------------------------------------



2013-01-07 16:15:02: ****************************************************
2013-01-07 16:15:02: Starting UP ... v 0.0.0.220
2013-01-07 16:15:02: ****************************************************
2013-01-07 16:15:03: Stop TPSRV returns: 2
2013-01-07 16:15:18: Listing processes...
2013-01-07 16:15:18: :[System Process]:0
2013-01-07 16:15:18: :System:4
2013-01-07 16:15:18: :smss.exe:404
2013-01-07 16:15:18: :csrss.exe:576
2013-01-07 16:15:18: :wininit.exe:676
2013-01-07 16:15:18: :csrss.exe:708
2013-01-07 16:15:18: :services.exe:732
2013-01-07 16:15:18: :lsass.exe:764
2013-01-07 16:15:18: :lsm.exe:772
2013-01-07 16:15:18: :winlogon.exe:828
2013-01-07 16:15:18: :svchost.exe:924
2013-01-07 16:15:18: :svchost.exe:1020
2013-01-07 16:15:18: :atiesrxx.exe:416
2013-01-07 16:15:18: :svchost.exe:724
2013-01-07 16:15:18: :svchost.exe:116
2013-01-07 16:15:18: :svchost.exe:1056
2013-01-07 16:15:18: :svchost.exe:1220
2013-01-07 16:15:18: :atieclxx.exe:1352
2013-01-07 16:15:18: :svchost.exe:1392
2013-01-07 16:15:18: :spoolsv.exe:1700
2013-01-07 16:15:18: :svchost.exe:1736
2013-01-07 16:15:18: :ADBlockerSrv.exe:1960
2013-01-07 16:15:18: :AppleMobileDeviceService.exe:1980
2013-01-07 16:15:18: :ASDSrv.exe:2016
2013-01-07 16:15:18: :BCUService.exe:2044
2013-01-07 16:15:18: :mDNSResponder.exe:1188
2013-01-07 16:15:18: :CLCapSvc.exe:1264
2013-01-07 16:15:18: :CLMLServer.exe:1712
2013-01-07 16:15:18: :ekrn.exe:1048
2013-01-07 16:15:18: :essvr.exe:2060
2013-01-07 16:15:18: :XSrvSetup.exe:2088
2013-01-07 16:15:18: :LVPrcSrv.exe:2112
2013-01-07 16:15:18: :LVPrS64H.exe:2160
2013-01-07 16:15:18: :PassThruSvr.exe:2256
2013-01-07 16:15:18: :svchost.exe:2316
2013-01-07 16:15:18: :SlingAgentService.exe:2340
2013-01-07 16:15:18: :svchost.exe:2380
2013-01-07 16:15:18: :WLIDSVC.EXE:2424
2013-01-07 16:15:18: :WLIDSVCM.EXE:2516
2013-01-07 16:15:18: :WmiPrvSE.exe:2692
2013-01-07 16:15:18: :CLSched.exe:2744
2013-01-07 16:15:18: :taskhost.exe:3328
2013-01-07 16:15:18: :dwm.exe:3504
2013-01-07 16:15:18: :explorer.exe:3584
2013-01-07 16:15:18: :WUDFHost.exe:3712
2013-01-07 16:15:18: :RAVCpl64.exe:4064
2013-01-07 16:15:18: :egui.exe:2900
2013-01-07 16:15:18: :sidebar.exe:3240
2013-01-07 16:15:18: :Dropbox.exe:3400
2013-01-07 16:15:18: :SearchIndexer.exe:1124
2013-01-07 16:15:18: :MagicDisc.exe:3880
2013-01-07 16:15:18: :BCU.exe:4088
2013-01-07 16:15:18: :svchost.exe:2676
2013-01-07 16:15:18: :nusb3mon.exe:4256
2013-01-07 16:15:18: :MOM.exe:4276
2013-01-07 16:15:18: :CMCService.exe:4380
2013-01-07 16:15:18: :pptd40nt.exe:4472
2013-01-07 16:15:18: :BrMfcWnd.exe:4548
2013-01-07 16:15:18: :LWS.exe:4576
2013-01-07 16:15:18: :FLVSrvc.exe:4696
2013-01-07 16:15:18: :BrccMCtl.exe:4708
2013-01-07 16:15:18: :AdobeARM.exe:4716
2013-01-07 16:15:18: :acrotray.exe:4792
2013-01-07 16:15:18: :realsched.exe:4860
2013-01-07 16:15:18: :BrMfcMon.exe:4884
2013-01-07 16:15:18: :iTunesHelper.exe:4200
2013-01-07 16:15:18: :PWRISOVM.EXE:4188
2013-01-07 16:15:18: :AvastUI.exe:4144
2013-01-07 16:15:18: :jusched.exe:4468
2013-01-07 16:15:18: :CCC.exe:4632
2013-01-07 16:15:18: :iPodService.exe:5288
2013-01-07 16:15:18: :SearchProtocolHost.exe:5408
2013-01-07 16:15:18: :firefox.exe:5416
2013-01-07 16:15:18: :COCIManager.exe:5736
2013-01-07 16:15:18: :IntuitUpdateService.exe:3512
2013-01-07 16:15:18: :plugin-container.exe:5944
2013-01-07 16:15:18: :NASvc.exe:1896
2013-01-07 16:15:18: :wuauclt.exe:3840
2013-01-07 16:15:18: :AvastSvc.exe:7320
2013-01-07 16:15:18: :taskeng.exe:7444
2013-01-07 16:15:18: :taskeng.exe:504
2013-01-07 16:15:18: :audiodg.exe:2236
2013-01-07 16:15:18: :svchost.exe:7136
2013-01-07 16:15:18: :SearchFilterHost.exe:2936
2013-01-07 16:15:18: :yorkyt.exe:7216
2013-01-07 16:15:18:
2013-01-07 16:15:18: Setting restore point
2013-01-07 16:15:18: RUN mode
2013-01-07 16:15:18: Determining autonomous or dropped mode...
2013-01-07 16:15:18: Autonomus mode
2013-01-07 16:15:18: ---------------------------------------------------------------------
2013-01-07 16:15:18: Found Service: AeLookupSvc
2013-01-07 16:15:18: Real Path: C:\Windows\System32\aelupsvc.dll
2013-01-07 16:15:18: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2013-01-07 16:15:18: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2013-01-07 16:15:18: ServiceDLL: System32\aelupsvc.dll
2013-01-07 16:15:18: File size: 0
2013-01-07 16:15:18: DLL File name: aelupsvc.dll
2013-01-07 16:15:18: Original File Name: aelupsvc.dll.mui
2013-01-07 16:15:18: Company:
2013-01-07 16:15:18: Mod/Cre/Acc time:
2013-01-07 16:15:18: ---------------------------------------------------------------------
2013-01-07 16:15:18: Found Service: AppIDSvc
2013-01-07 16:15:18: Real Path: C:\Windows\System32\appidsvc.dll
2013-01-07 16:15:18: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2013-01-07 16:15:18: Description: @%systemroot%\system32\appidsvc.dll,-101
2013-01-07 16:15:18: ServiceDLL: System32\appidsvc.dll
2013-01-07 16:15:18: File size: 0
2013-01-07 16:15:18: DLL File name: appidsvc.dll
2013-01-07 16:15:18: Original File Name: appidsvc.dll.mui
2013-01-07 16:15:18: Company:
2013-01-07 16:15:18: Mod/Cre/Acc time:
2013-01-07 16:15:18: ---------------------------------------------------------------------
2013-01-07 16:15:18: Found Service: Appinfo
2013-01-07 16:15:18: Real Path: C:\Windows\System32\appinfo.dll
2013-01-07 16:15:18: Display Name: @%systemroot%\system32\appinfo.dll,-100
2013-01-07 16:15:18: Description: @%systemroot%\system32\appinfo.dll,-101
2013-01-07 16:15:18: ServiceDLL: System32\appinfo.dll
2013-01-07 16:15:18: File size: 0
2013-01-07 16:15:18: DLL File name: appinfo.dll
2013-01-07 16:15:18: Original File Name: appinfo.dll.mui
2013-01-07 16:15:18: Company:
2013-01-07 16:15:18: Mod/Cre/Acc time:
2013-01-07 16:15:18: ---------------------------------------------------------------------
2013-01-07 16:15:18: Found Service: AppMgmt
2013-01-07 16:15:18: Real Path: C:\Windows\System32\appmgmts.dll
2013-01-07 16:15:18: Display Name: @appmgmts.dll,-3250
2013-01-07 16:15:18: Description: @appmgmts.dll,-3251
2013-01-07 16:15:18: ServiceDLL: System32\appmgmts.dll
2013-01-07 16:15:18: File size: 149504
2013-01-07 16:15:18: DLL File name: appmgmts.dll
2013-01-07 16:15:18: Original File Name: appmgmts.dll.mui
2013-01-07 16:15:18: Company:
2013-01-07 16:15:18: Mod/Cre/Acc time: 20090713201453 20090713183834 20130107161327
2013-01-07 16:15:18: ---------------------------------------------------------------------
2013-01-07 16:15:18: Found Service: AudioEndpointBuilder
2013-01-07 16:15:18: Real Path: C:\Windows\System32\Audiosrv.dll
2013-01-07 16:15:18: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2013-01-07 16:15:18: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2013-01-07 16:15:18: ServiceDLL: System32\Audiosrv.dll
2013-01-07 16:15:18: File size: 0
2013-01-07 16:15:18: DLL File name: Audiosrv.dll
2013-01-07 16:15:18: Original File Name: audiosrv.dll.mui
2013-01-07 16:15:18: Company:
2013-01-07 16:15:18: Mod/Cre/Acc time:
2013-01-07 16:15:18: ---------------------------------------------------------------------
2013-01-07 16:15:18: Found Service: AudioSrv
2013-01-07 16:15:18: Real Path: C:\Windows\System32\Audiosrv.dll
2013-01-07 16:15:18: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2013-01-07 16:15:18: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2013-01-07 16:15:18: ServiceDLL: System32\Audiosrv.dll
2013-01-07 16:15:18: File size: 0
2013-01-07 16:15:18: DLL File name: Audiosrv.dll
2013-01-07 16:15:18: Original File Name: audiosrv.dll.mui
2013-01-07 16:15:18: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: AxInstSV
2013-01-07 16:15:19: Real Path: C:\Windows\System32\AxInstSV.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2013-01-07 16:15:19: ServiceDLL: System32\AxInstSV.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: AxInstSV.dll
2013-01-07 16:15:19: Original File Name: AxInstSv.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: BDESVC
2013-01-07 16:15:19: Real Path: C:\Windows\System32\bdesvc.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2013-01-07 16:15:19: ServiceDLL: System32\bdesvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: bdesvc.dll
2013-01-07 16:15:19: Original File Name: BDESVC.DLL.MUI
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: BFE
2013-01-07 16:15:19: Real Path: C:\Windows\System32\bfe.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\bfe.dll,-1002
2013-01-07 16:15:19: ServiceDLL: System32\bfe.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: bfe.dll
2013-01-07 16:15:19: Original File Name: BFE.DLL.MUI
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: BITS
2013-01-07 16:15:19: Real Path: C:\Windows\System32\qmgr.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2013-01-07 16:15:19: ServiceDLL: System32\qmgr.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: qmgr.dll
2013-01-07 16:15:19: Original File Name: qmgr.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: Browser
2013-01-07 16:15:19: Real Path: C:\Windows\System32\browser.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\browser.dll,-100
2013-01-07 16:15:19: Description: @%systemroot%\system32\browser.dll,-101
2013-01-07 16:15:19: ServiceDLL: System32\browser.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: browser.dll
2013-01-07 16:15:19: Original File Name: browser.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: bthserv
2013-01-07 16:15:19: Real Path: C:\Windows\system32\bthserv.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2013-01-07 16:15:19: Description: @%SystemRoot%\System32\bthserv.dll,-102
2013-01-07 16:15:19: ServiceDLL: system32\bthserv.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: bthserv.dll
2013-01-07 16:15:19: Original File Name: BTHSERV.DLL.MUI
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: CertPropSvc
2013-01-07 16:15:19: Real Path: C:\Windows\System32\certprop.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2013-01-07 16:15:19: Description: @%SystemRoot%\System32\certprop.dll,-12
2013-01-07 16:15:19: ServiceDLL: System32\certprop.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: certprop.dll
2013-01-07 16:15:19: Original File Name: certprop.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: CryptSvc
2013-01-07 16:15:19: Real Path: C:\Windows\system32\cryptsvc.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2013-01-07 16:15:19: ServiceDLL: system32\cryptsvc.dll
2013-01-07 16:15:19: File size: 140288
2013-01-07 16:15:19: DLL File name: cryptsvc.dll
2013-01-07 16:15:19: Original File Name: cryptsvc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time: 20120423233642 20120624142504 20130107112931
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: CscService
2013-01-07 16:15:19: Real Path: C:\Windows\System32\cscsvc.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\cscsvc.dll,-200
2013-01-07 16:15:19: Description: @%systemroot%\system32\cscsvc.dll,-201
2013-01-07 16:15:19: ServiceDLL: System32\cscsvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: cscsvc.dll
2013-01-07 16:15:19: Original File Name: cscsvc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: DcomLaunch
2013-01-07 16:15:19: Real Path: C:\Windows\system32\rpcss.dll
2013-01-07 16:15:19: Display Name: @oleres.dll,-5012
2013-01-07 16:15:19: Description: @oleres.dll,-5013
2013-01-07 16:15:19: ServiceDLL: system32\rpcss.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: rpcss.dll
2013-01-07 16:15:19: Original File Name: rpcss.dll
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: defragsvc
2013-01-07 16:15:19: Real Path: C:\Windows\System32\defragsvc.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2013-01-07 16:15:19: ServiceDLL: System32\defragsvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: defragsvc.dll
2013-01-07 16:15:19: Original File Name: defragsvc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: Dhcp
2013-01-07 16:15:19: Real Path: C:\Windows\system32\dhcpcore.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2013-01-07 16:15:19: ServiceDLL: system32\dhcpcore.dll
2013-01-07 16:15:19: File size: 254464
2013-01-07 16:15:19: DLL File name: dhcpcore.dll
2013-01-07 16:15:19: Original File Name: dhcpcore.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time: 20101120071830 20110630232023 20130107161327
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: Dnscache
2013-01-07 16:15:19: Real Path: C:\Windows\System32\dnsrslvr.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2013-01-07 16:15:19: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2013-01-07 16:15:19: ServiceDLL: System32\dnsrslvr.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: dnsrslvr.dll
2013-01-07 16:15:19: Original File Name: dnsrslvr.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: dot3svc
2013-01-07 16:15:19: Real Path: C:\Windows\System32\dot3svc.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2013-01-07 16:15:19: Description: @%systemroot%\system32\dot3svc.dll,-1103
2013-01-07 16:15:19: ServiceDLL: System32\dot3svc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: dot3svc.dll
2013-01-07 16:15:19: Original File Name: dot3svc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: DPS
2013-01-07 16:15:19: Real Path: C:\Windows\system32\dps.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\dps.dll,-500
2013-01-07 16:15:19: Description: @%systemroot%\system32\dps.dll,-501
2013-01-07 16:15:19: ServiceDLL: system32\dps.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: dps.dll
2013-01-07 16:15:19: Original File Name: dps.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: EapHost
2013-01-07 16:15:19: Real Path: C:\Windows\System32\eapsvc.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2013-01-07 16:15:19: Description: @%systemroot%\system32\eapsvc.dll,-2
2013-01-07 16:15:19: ServiceDLL: System32\eapsvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: eapsvc.dll
2013-01-07 16:15:19: Original File Name: eapsvc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: EventSystem
2013-01-07 16:15:19: Real Path: C:\Windows\system32\es.dll
2013-01-07 16:15:19: Display Name: @comres.dll,-2450
2013-01-07 16:15:19: Description: @comres.dll,-2451
2013-01-07 16:15:19: ServiceDLL: system32\es.dll
2013-01-07 16:15:19: File size: 271360
2013-01-07 16:15:19: DLL File name: es.dll
2013-01-07 16:15:19: Original File Name: ES.DLL
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time: 20090713201519 20090713184438 20130107161327
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: fdPHost
2013-01-07 16:15:19: Real Path: C:\Windows\system32\fdPHost.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2013-01-07 16:15:19: Description: @%systemroot%\system32\fdPHost.dll,-101
2013-01-07 16:15:19: ServiceDLL: system32\fdPHost.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: fdPHost.dll
2013-01-07 16:15:19: Original File Name: fdPHost.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: FDResPub
2013-01-07 16:15:19: Real Path: C:\Windows\system32\fdrespub.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2013-01-07 16:15:19: Description: @%systemroot%\system32\fdrespub.dll,-101
2013-01-07 16:15:19: ServiceDLL: system32\fdrespub.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: fdrespub.dll
2013-01-07 16:15:19: Original File Name: FDResPub.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: !!!!!!!
2013-01-07 16:15:19: Found Service: FontCache
2013-01-07 16:15:19: Real Path: C:\Windows\system32\FntCache.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\FntCache.dll,-100
2013-01-07 16:15:19: Description: @%systemroot%\system32\FntCache.dll,-101
2013-01-07 16:15:19: ServiceDLL: system32\FntCache.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: FntCache.dll
2013-01-07 16:15:19: Original File Name: FontCacheService
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: !!!!!!!!!
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: gpsvc
2013-01-07 16:15:19: Real Path: C:\Windows\System32\gpsvc.dll
2013-01-07 16:15:19: Display Name: @gpapi.dll,-112
2013-01-07 16:15:19: Description: @gpapi.dll,-113
2013-01-07 16:15:19: ServiceDLL: System32\gpsvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: gpsvc.dll
2013-01-07 16:15:19: Original File Name: gpsvc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: hidserv
2013-01-07 16:15:19: Real Path: C:\Windows\System32\hidserv.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2013-01-07 16:15:19: Description: @%SystemRoot%\System32\hidserv.dll,-102
2013-01-07 16:15:19: ServiceDLL: System32\hidserv.dll
2013-01-07 16:15:19: File size: 49152
2013-01-07 16:15:19: DLL File name: hidserv.dll
2013-01-07 16:15:19: Original File Name: HIDSERV.DLL.MUI
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time: 20090713201524 20090713185109 20130107161327
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: hkmsvc
2013-01-07 16:15:19: Real Path: C:\Windows\system32\kmsvc.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2013-01-07 16:15:19: ServiceDLL: system32\kmsvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: kmsvc.dll
2013-01-07 16:15:19: Original File Name: KmSvc.DLL.MUI
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: HomeGroupListener
2013-01-07 16:15:19: Real Path: C:\Windows\system32\ListSvc.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2013-01-07 16:15:19: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2013-01-07 16:15:19: ServiceDLL: system32\ListSvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: ListSvc.dll
2013-01-07 16:15:19: Original File Name: ListSvc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: HomeGroupProvider
2013-01-07 16:15:19: Real Path: C:\Windows\system32\provsvc.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2013-01-07 16:15:19: Description: @%SystemRoot%\System32\provsvc.dll,-101
2013-01-07 16:15:19: ServiceDLL: system32\provsvc.dll
2013-01-07 16:15:19: File size: 165376
2013-01-07 16:15:19: DLL File name: provsvc.dll
2013-01-07 16:15:19: Original File Name: provsvc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time: 20101120072057 20110630231948 20130107161327
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: IKEEXT
2013-01-07 16:15:19: Real Path: C:\Windows\System32\ikeext.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\ikeext.dll,-502
2013-01-07 16:15:19: ServiceDLL: System32\ikeext.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: ikeext.dll
2013-01-07 16:15:19: Original File Name: IKEEXT.DLL.MUI
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: IPBusEnum
2013-01-07 16:15:19: Real Path: C:\Windows\system32\ipbusenum.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2013-01-07 16:15:19: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2013-01-07 16:15:19: ServiceDLL: system32\ipbusenum.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: ipbusenum.dll
2013-01-07 16:15:19: Original File Name: IPBusEnum.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: iphlpsvc
2013-01-07 16:15:19: Real Path: C:\Windows\System32\iphlpsvc.dll
2013-01-07 16:15:19: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2013-01-07 16:15:19: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2013-01-07 16:15:19: ServiceDLL: System32\iphlpsvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: iphlpsvc.dll
2013-01-07 16:15:19: Original File Name: iphlpsvc.dll.mui
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: KtmRm
2013-01-07 16:15:19: Real Path: C:\Windows\system32\msdtckrm.dll
2013-01-07 16:15:19: Display Name: @comres.dll,-2946
2013-01-07 16:15:19: Description: @comres.dll,-2947
2013-01-07 16:15:19: ServiceDLL: system32\msdtckrm.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: msdtckrm.dll
2013-01-07 16:15:19: Original File Name: MSDTCKRM.DLL
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: LanmanServer
2013-01-07 16:15:19: Real Path: C:\Windows\System32\srvsvc.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2013-01-07 16:15:19: Description: @%systemroot%\system32\srvsvc.dll,-101
2013-01-07 16:15:19: ServiceDLL: System32\srvsvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: srvsvc.dll
2013-01-07 16:15:19: Original File Name: SRVSVC.DLL.MUI
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:19: ---------------------------------------------------------------------
2013-01-07 16:15:19: Found Service: LanmanWorkstation
2013-01-07 16:15:19: Real Path: C:\Windows\System32\wkssvc.dll
2013-01-07 16:15:19: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2013-01-07 16:15:19: Description: @%systemroot%\system32\wkssvc.dll,-101
2013-01-07 16:15:19: ServiceDLL: System32\wkssvc.dll
2013-01-07 16:15:19: File size: 0
2013-01-07 16:15:19: DLL File name: wkssvc.dll
2013-01-07 16:15:19: Original File Name: WKSSVC.DLL.MUI
2013-01-07 16:15:19: Company:
2013-01-07 16:15:19: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: lltdsvc
2013-01-07 16:15:20: Real Path: C:\Windows\System32\lltdsvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\lltdres.dll,-2
2013-01-07 16:15:20: ServiceDLL: System32\lltdsvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: lltdsvc.dll
2013-01-07 16:15:20: Original File Name: LLTDSVC.DLL
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: lmhosts
2013-01-07 16:15:20: Real Path: C:\Windows\System32\lmhsvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2013-01-07 16:15:20: ServiceDLL: System32\lmhsvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: lmhsvc.dll
2013-01-07 16:15:20: Original File Name: lmhsvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: Mcx2Svc
2013-01-07 16:15:20: Real Path: C:\Windows\system32\Mcx2Svc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2013-01-07 16:15:20: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2013-01-07 16:15:20: ServiceDLL: system32\Mcx2Svc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: Mcx2Svc.dll
2013-01-07 16:15:20: Original File Name: Mcx2Svc.dll
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: MMCSS
2013-01-07 16:15:20: Real Path: C:\Windows\system32\mmcss.dll
2013-01-07 16:15:20: Display Name: @%systemroot%\system32\mmcss.dll,-100
2013-01-07 16:15:20: Description: @%systemroot%\system32\mmcss.dll,-101
2013-01-07 16:15:20: ServiceDLL: system32\mmcss.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: mmcss.dll
2013-01-07 16:15:20: Original File Name: mmcss.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: MpsSvc
2013-01-07 16:15:20: Real Path: C:\Windows\system32\mpssvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2013-01-07 16:15:20: ServiceDLL: system32\mpssvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: mpssvc.dll
2013-01-07 16:15:20: Original File Name: mpssvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: MSiSCSI
2013-01-07 16:15:20: Real Path: C:\Windows\system32\iscsiexe.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2013-01-07 16:15:20: ServiceDLL: system32\iscsiexe.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: iscsiexe.dll
2013-01-07 16:15:20: Original File Name: iscsiexe.exe.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: napagent
2013-01-07 16:15:20: Real Path: C:\Windows\system32\qagentRT.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2013-01-07 16:15:20: ServiceDLL: system32\qagentRT.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: qagentRT.dll
2013-01-07 16:15:20: Original File Name: QAgentRT.DLL.MUI
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: Netman
2013-01-07 16:15:20: Real Path: C:\Windows\System32\netman.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\netman.dll,-109
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\netman.dll,-110
2013-01-07 16:15:20: ServiceDLL: System32\netman.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: netman.dll
2013-01-07 16:15:20: Original File Name: netman.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: netprofm
2013-01-07 16:15:20: Real Path: C:\Windows\System32\netprofm.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\netprofm.dll,-203
2013-01-07 16:15:20: ServiceDLL: System32\netprofm.dll
2013-01-07 16:15:20: File size: 360448
2013-01-07 16:15:20: DLL File name: netprofm.dll
2013-01-07 16:15:20: Original File Name: netprofm.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time: 20090713201603 20090713185658 20130107161038
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: NlaSvc
2013-01-07 16:15:20: Real Path: C:\Windows\System32\nlasvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2013-01-07 16:15:20: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2013-01-07 16:15:20: ServiceDLL: System32\nlasvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: nlasvc.dll
2013-01-07 16:15:20: Original File Name: nlasvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: nsi
2013-01-07 16:15:20: Real Path: C:\Windows\system32\nsisvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2013-01-07 16:15:20: ServiceDLL: system32\nsisvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: nsisvc.dll
2013-01-07 16:15:20: Original File Name: nsisvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: p2pimsvc
2013-01-07 16:15:20: Real Path: C:\Windows\system32\pnrpsvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2013-01-07 16:15:20: ServiceDLL: system32\pnrpsvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: pnrpsvc.dll
2013-01-07 16:15:20: Original File Name: pnrpsvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: p2psvc
2013-01-07 16:15:20: Real Path: C:\Windows\system32\p2psvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2013-01-07 16:15:20: ServiceDLL: system32\p2psvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: p2psvc.dll
2013-01-07 16:15:20: Original File Name: p2psvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: !!!!!!!
2013-01-07 16:15:20: Found Service: PcaSvc
2013-01-07 16:15:20: Real Path: C:\Windows\System32\pcasvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2013-01-07 16:15:20: ServiceDLL: System32\pcasvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: pcasvc.dll
2013-01-07 16:15:20: Original File Name:
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: !!!!!!!!!
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: PeerDistSvc
2013-01-07 16:15:20: Real Path: C:\Windows\system32\peerdistsvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
2013-01-07 16:15:20: ServiceDLL: system32\peerdistsvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: peerdistsvc.dll
2013-01-07 16:15:20: Original File Name: PeerDistSvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: pla
2013-01-07 16:15:20: Real Path: C:\Windows\system32\pla.dll
2013-01-07 16:15:20: Display Name: @%systemroot%\system32\pla.dll,-500
2013-01-07 16:15:20: Description: @%systemroot%\system32\pla.dll,-501
2013-01-07 16:15:20: ServiceDLL: system32\pla.dll
2013-01-07 16:15:20: File size: 1508864
2013-01-07 16:15:20: DLL File name: pla.dll
2013-01-07 16:15:20: Original File Name: PLA.DLL.MUI
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time: 20101120072054 20110630232006 20130107161328
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: PlugPlay
2013-01-07 16:15:20: Real Path: C:\Windows\system32\umpnpmgr.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2013-01-07 16:15:20: ServiceDLL: system32\umpnpmgr.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: umpnpmgr.dll
2013-01-07 16:15:20: Original File Name: Umpnpmgr.DLL.MUI
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: PNRPAutoReg
2013-01-07 16:15:20: Real Path: C:\Windows\system32\pnrpauto.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2013-01-07 16:15:20: ServiceDLL: system32\pnrpauto.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: pnrpauto.dll
2013-01-07 16:15:20: Original File Name: pnrpauto.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: PNRPsvc
2013-01-07 16:15:20: Real Path: C:\Windows\system32\pnrpsvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2013-01-07 16:15:20: ServiceDLL: system32\pnrpsvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: pnrpsvc.dll
2013-01-07 16:15:20: Original File Name: pnrpsvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: PolicyAgent
2013-01-07 16:15:20: Real Path: C:\Windows\System32\ipsecsvc.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\polstore.dll,-5011
2013-01-07 16:15:20: ServiceDLL: System32\ipsecsvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: ipsecsvc.dll
2013-01-07 16:15:20: Original File Name: ipsecsvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: Power
2013-01-07 16:15:20: Real Path: C:\Windows\system32\umpo.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\umpo.dll,-101
2013-01-07 16:15:20: ServiceDLL: system32\umpo.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: umpo.dll
2013-01-07 16:15:20: Original File Name: Umpo.DLL.MUI
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: ProfSvc
2013-01-07 16:15:20: Real Path: C:\Windows\system32\profsvc.dll
2013-01-07 16:15:20: Display Name: @%systemroot%\system32\profsvc.dll,-300
2013-01-07 16:15:20: Description: @%systemroot%\system32\profsvc.dll,-301
2013-01-07 16:15:20: ServiceDLL: system32\profsvc.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: profsvc.dll
2013-01-07 16:15:20: Original File Name: ProfSvc.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: QWAVE
2013-01-07 16:15:20: Real Path: C:\Windows\system32\qwave.dll
2013-01-07 16:15:20: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2013-01-07 16:15:20: Description: @%SystemRoot%\system32\qwave.dll,-2
2013-01-07 16:15:20: ServiceDLL: system32\qwave.dll
2013-01-07 16:15:20: File size: 210944
2013-01-07 16:15:20: DLL File name: qwave.dll
2013-01-07 16:15:20: Original File Name: qwave.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time: 20090713201612 20090713185415 20130107161328
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: RasAuto
2013-01-07 16:15:20: Real Path: C:\Windows\System32\rasauto.dll
2013-01-07 16:15:20: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2013-01-07 16:15:20: Description: @%Systemroot%\system32\rasauto.dll,-201
2013-01-07 16:15:20: ServiceDLL: System32\rasauto.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: rasauto.dll
2013-01-07 16:15:20: Original File Name: rasauto.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:20: ---------------------------------------------------------------------
2013-01-07 16:15:20: Found Service: RasMan
2013-01-07 16:15:20: Real Path: C:\Windows\System32\rasmans.dll
2013-01-07 16:15:20: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2013-01-07 16:15:20: Description: @%Systemroot%\system32\rasmans.dll,-201
2013-01-07 16:15:20: ServiceDLL: System32\rasmans.dll
2013-01-07 16:15:20: File size: 0
2013-01-07 16:15:20: DLL File name: rasmans.dll
2013-01-07 16:15:20: Original File Name: Rasmans.dll.mui
2013-01-07 16:15:20: Company:
2013-01-07 16:15:20: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: RemoteAccess
2013-01-07 16:15:21: Real Path: C:\Windows\System32\mprdim.dll
2013-01-07 16:15:21: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2013-01-07 16:15:21: Description: @%Systemroot%\system32\mprdim.dll,-201
2013-01-07 16:15:21: ServiceDLL: System32\mprdim.dll
2013-01-07 16:15:21: File size: 75264
2013-01-07 16:15:21: DLL File name: mprdim.dll
2013-01-07 16:15:21: Original File Name: MPRDIM.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time: 20090713201541 20090713185426 20130107161328
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: RemoteRegistry
2013-01-07 16:15:21: Real Path: C:\Windows\system32\regsvc.dll
2013-01-07 16:15:21: Display Name: @regsvc.dll,-1
2013-01-07 16:15:21: Description: @regsvc.dll,-2
2013-01-07 16:15:21: ServiceDLL: system32\regsvc.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: regsvc.dll
2013-01-07 16:15:21: Original File Name: REGSVC.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: RpcEptMapper
2013-01-07 16:15:21: Real Path: C:\Windows\System32\RpcEpMap.dll
2013-01-07 16:15:21: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2013-01-07 16:15:21: Description: @%windir%\system32\RpcEpMap.dll,-1002
2013-01-07 16:15:21: ServiceDLL: System32\RpcEpMap.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: RpcEpMap.dll
2013-01-07 16:15:21: Original File Name: RpcEpMap.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: RpcSs
2013-01-07 16:15:21: Real Path: C:\Windows\system32\rpcss.dll
2013-01-07 16:15:21: Display Name: @oleres.dll,-5010
2013-01-07 16:15:21: Description: @oleres.dll,-5011
2013-01-07 16:15:21: ServiceDLL: system32\rpcss.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: rpcss.dll
2013-01-07 16:15:21: Original File Name: rpcss.dll
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SCardSvr
2013-01-07 16:15:21: Real Path: C:\Windows\System32\SCardSvr.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2013-01-07 16:15:21: ServiceDLL: System32\SCardSvr.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: SCardSvr.dll
2013-01-07 16:15:21: Original File Name: SCardSvr.exe.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: Schedule
2013-01-07 16:15:21: Real Path: C:\Windows\system32\schedsvc.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2013-01-07 16:15:21: ServiceDLL: system32\schedsvc.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: schedsvc.dll
2013-01-07 16:15:21: Original File Name: schedsvc.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SCPolicySvc
2013-01-07 16:15:21: Real Path: C:\Windows\System32\certprop.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\certprop.dll,-14
2013-01-07 16:15:21: ServiceDLL: System32\certprop.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: certprop.dll
2013-01-07 16:15:21: Original File Name: certprop.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SDRSVC
2013-01-07 16:15:21: Real Path: C:\Windows\System32\SDRSVC.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2013-01-07 16:15:21: ServiceDLL: System32\SDRSVC.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: SDRSVC.dll
2013-01-07 16:15:21: Original File Name: SDRSVC.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: seclogon
2013-01-07 16:15:21: Real Path: C:\Windows\system32\seclogon.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2013-01-07 16:15:21: ServiceDLL: system32\seclogon.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: seclogon.dll
2013-01-07 16:15:21: Original File Name: SECLOGON.EXE.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SENS
2013-01-07 16:15:21: Real Path: C:\Windows\system32\sens.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\Sens.dll,-201
2013-01-07 16:15:21: ServiceDLL: system32\sens.dll
2013-01-07 16:15:21: File size: 49664
2013-01-07 16:15:21: DLL File name: sens.dll
2013-01-07 16:15:21: Original File Name: sens.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time: 20090713201613 20090713182158 20130107161328
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SensrSvc
2013-01-07 16:15:21: Real Path: C:\Windows\system32\sensrsvc.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2013-01-07 16:15:21: ServiceDLL: system32\sensrsvc.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: sensrsvc.dll
2013-01-07 16:15:21: Original File Name: sensrsvc.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SessionEnv
2013-01-07 16:15:21: Real Path: C:\Windows\system32\sessenv.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2013-01-07 16:15:21: ServiceDLL: system32\sessenv.dll
2013-01-07 16:15:21: File size: 113664
2013-01-07 16:15:21: DLL File name: sessenv.dll
2013-01-07 16:15:21: Original File Name: SessEnv.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time: 20101120072108 20110630232031 20130107161328
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SharedAccess
2013-01-07 16:15:21: Real Path: C:\Windows\System32\ipnathlp.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2013-01-07 16:15:21: ServiceDLL: System32\ipnathlp.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: ipnathlp.dll
2013-01-07 16:15:21: Original File Name: IPNATHLP.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: ShellHWDetection
2013-01-07 16:15:21: Real Path: C:\Windows\System32\shsvcs.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2013-01-07 16:15:21: ServiceDLL: System32\shsvcs.dll
2013-01-07 16:15:21: File size: 328192
2013-01-07 16:15:21: DLL File name: shsvcs.dll
2013-01-07 16:15:21: Original File Name: SHSVCS.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time: 20101120072119 20110630232004 20130107161328
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: sppuinotify
2013-01-07 16:15:21: Real Path: C:\Windows\system32\sppuinotify.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2013-01-07 16:15:21: ServiceDLL: system32\sppuinotify.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: sppuinotify.dll
2013-01-07 16:15:21: Original File Name: sppuinotify.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SSDPSRV
2013-01-07 16:15:21: Real Path: C:\Windows\System32\ssdpsrv.dll
2013-01-07 16:15:21: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2013-01-07 16:15:21: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2013-01-07 16:15:21: ServiceDLL: System32\ssdpsrv.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: ssdpsrv.dll
2013-01-07 16:15:21: Original File Name: ssdpsrv.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SstpSvc
2013-01-07 16:15:21: Real Path: C:\Windows\system32\sstpsvc.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2013-01-07 16:15:21: ServiceDLL: system32\sstpsvc.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: sstpsvc.dll
2013-01-07 16:15:21: Original File Name: sstpsvc.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: stisvc
2013-01-07 16:15:21: Real Path: C:\Windows\System32\wiaservc.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2013-01-07 16:15:21: ServiceDLL: System32\wiaservc.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: wiaservc.dll
2013-01-07 16:15:21: Original File Name: WIASERVC.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: StorSvc
2013-01-07 16:15:21: Real Path: C:\Windows\system32\storsvc.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\StorSvc.dll,-100
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\StorSvc.dll,-101
2013-01-07 16:15:21: ServiceDLL: system32\storsvc.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: storsvc.dll
2013-01-07 16:15:21: Original File Name: StorSvc.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: swprv
2013-01-07 16:15:21: Real Path: C:\Windows\System32\swprv.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\swprv.dll,-102
2013-01-07 16:15:21: ServiceDLL: System32\swprv.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: swprv.dll
2013-01-07 16:15:21: Original File Name: SWPRV.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: SysMain
2013-01-07 16:15:21: Real Path: C:\Windows\system32\sysmain.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2013-01-07 16:15:21: ServiceDLL: system32\sysmain.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: sysmain.dll
2013-01-07 16:15:21: Original File Name: sysmain.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: TabletInputService
2013-01-07 16:15:21: Real Path: C:\Windows\System32\TabSvc.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2013-01-07 16:15:21: ServiceDLL: System32\TabSvc.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: TabSvc.dll
2013-01-07 16:15:21: Original File Name: TabSvc.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: TapiSrv
2013-01-07 16:15:21: Real Path: C:\Windows\System32\tapisrv.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2013-01-07 16:15:21: ServiceDLL: System32\tapisrv.dll
2013-01-07 16:15:21: File size: 242176
2013-01-07 16:15:21: DLL File name: tapisrv.dll
2013-01-07 16:15:21: Original File Name: TAPISRV.EXE.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time: 20101120072128 20110630231955 20130107161328
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: TBS
2013-01-07 16:15:21: Real Path: C:\Windows\System32\tbssvc.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2013-01-07 16:15:21: ServiceDLL: System32\tbssvc.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: tbssvc.dll
2013-01-07 16:15:21: Original File Name: TBSSVC.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: TermService
2013-01-07 16:15:21: Real Path: C:\Windows\System32\termsrv.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\termsrv.dll,-267
2013-01-07 16:15:21: ServiceDLL: System32\termsrv.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: termsrv.dll
2013-01-07 16:15:21: Original File Name: termsrv.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: Themes
2013-01-07 16:15:21: Real Path: C:\Windows\system32\themeservice.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2013-01-07 16:15:21: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2013-01-07 16:15:21: ServiceDLL: system32\themeservice.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: themeservice.dll
2013-01-07 16:15:21: Original File Name: THEMESERVICE.DLL.MUI
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: THREADORDER
2013-01-07 16:15:21: Real Path: C:\Windows\system32\mmcss.dll
2013-01-07 16:15:21: Display Name: @%systemroot%\system32\mmcss.dll,-102
2013-01-07 16:15:21: Description: @%systemroot%\system32\mmcss.dll,-103
2013-01-07 16:15:21: ServiceDLL: system32\mmcss.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: mmcss.dll
2013-01-07 16:15:21: Original File Name: mmcss.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: TrkWks
2013-01-07 16:15:21: Real Path: C:\Windows\System32\trkwks.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\trkwks.dll,-2
2013-01-07 16:15:21: ServiceDLL: System32\trkwks.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: trkwks.dll
2013-01-07 16:15:21: Original File Name: trkwks.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: UmRdpService
2013-01-07 16:15:21: Real Path: C:\Windows\System32\umrdp.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\umrdp.dll,-1000
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\umrdp.dll,-1001
2013-01-07 16:15:21: ServiceDLL: System32\umrdp.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: umrdp.dll
2013-01-07 16:15:21: Original File Name: umrdp.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:21: !!!!!!!
2013-01-07 16:15:21: Found Service: upnphost
2013-01-07 16:15:21: Real Path: C:\Windows\System32\upnphost.dll
2013-01-07 16:15:21: Display Name: @%systemroot%\system32\upnphost.dll,-213
2013-01-07 16:15:21: Description: @%systemroot%\system32\upnphost.dll,-214
2013-01-07 16:15:21: ServiceDLL: System32\upnphost.dll
2013-01-07 16:15:21: File size: 266752
2013-01-07 16:15:21: DLL File name: upnphost.dll
2013-01-07 16:15:21: Original File Name: unpnhost.dll.mui
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time: 20090713201617 20090713185541 20130107161328
2013-01-07 16:15:21: !!!!!!!!!
2013-01-07 16:15:21: ---------------------------------------------------------------------
2013-01-07 16:15:21: Found Service: UxSms
2013-01-07 16:15:21: Real Path: C:\Windows\System32\uxsms.dll
2013-01-07 16:15:21: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2013-01-07 16:15:21: Description: @%SystemRoot%\system32\dwm.exe,-2001
2013-01-07 16:15:21: ServiceDLL: System32\uxsms.dll
2013-01-07 16:15:21: File size: 0
2013-01-07 16:15:21: DLL File name: uxsms.dll
2013-01-07 16:15:21: Original File Name: UxSms.dll
2013-01-07 16:15:21: Company:
2013-01-07 16:15:21: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: W32Time
2013-01-07 16:15:22: Real Path: C:\Windows\system32\w32time.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2013-01-07 16:15:22: Description: @%SystemRoot%\system32\w32time.dll,-201
2013-01-07 16:15:22: ServiceDLL: system32\w32time.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: w32time.dll
2013-01-07 16:15:22: Original File Name: w32time.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: WbioSrvc
2013-01-07 16:15:22: Real Path: C:\Windows\System32\wbiosrvc.dll
2013-01-07 16:15:22: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2013-01-07 16:15:22: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2013-01-07 16:15:22: ServiceDLL: System32\wbiosrvc.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: wbiosrvc.dll
2013-01-07 16:15:22: Original File Name: wbiosrvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: wcncsvc
2013-01-07 16:15:22: Real Path: C:\Windows\System32\wcncsvc.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2013-01-07 16:15:22: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2013-01-07 16:15:22: ServiceDLL: System32\wcncsvc.dll
2013-01-07 16:15:22: File size: 276992
2013-01-07 16:15:22: DLL File name: wcncsvc.dll
2013-01-07 16:15:22: Original File Name: WCNCSVC.DLL.MUI
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time: 20101120072135 20110630232002 20130107161328
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: WcsPlugInService
2013-01-07 16:15:22: Real Path: C:\Windows\System32\WcsPlugInService.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2013-01-07 16:15:22: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2013-01-07 16:15:22: ServiceDLL: System32\WcsPlugInService.dll
2013-01-07 16:15:22: File size: 32768
2013-01-07 16:15:22: DLL File name: WcsPlugInService.dll
2013-01-07 16:15:22: Original File Name: WcsPlugInService.DLL.MUI
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time: 20090713201618 20090713182513 20130107161328
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: WdiServiceHost
2013-01-07 16:15:22: Real Path: C:\Windows\system32\wdi.dll
2013-01-07 16:15:22: Display Name: @%systemroot%\system32\wdi.dll,-502
2013-01-07 16:15:22: Description: @%systemroot%\system32\wdi.dll,-503
2013-01-07 16:15:22: ServiceDLL: system32\wdi.dll
2013-01-07 16:15:22: File size: 76288
2013-01-07 16:15:22: DLL File name: wdi.dll
2013-01-07 16:15:22: Original File Name: wdi.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time: 20090713201618 20090713181947 20130107161328
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: WdiSystemHost
2013-01-07 16:15:22: Real Path: C:\Windows\system32\wdi.dll
2013-01-07 16:15:22: Display Name: @%systemroot%\system32\wdi.dll,-500
2013-01-07 16:15:22: Description: @%systemroot%\system32\wdi.dll,-501
2013-01-07 16:15:22: ServiceDLL: system32\wdi.dll
2013-01-07 16:15:22: File size: 76288
2013-01-07 16:15:22: DLL File name: wdi.dll
2013-01-07 16:15:22: Original File Name: wdi.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time: 20090713201618 20090713181947 20130107161328
2013-01-07 16:15:22: !!!!!!!
2013-01-07 16:15:22: Found Service: WebClient
2013-01-07 16:15:22: Real Path: C:\Windows\System32\webclnt.dll
2013-01-07 16:15:22: Display Name: @%systemroot%\system32\webclnt.dll,-100
2013-01-07 16:15:22: Description: @%systemroot%\system32\webclnt.dll,-101
2013-01-07 16:15:22: ServiceDLL: System32\webclnt.dll
2013-01-07 16:15:22: File size: 204800
2013-01-07 16:15:22: DLL File name: webclnt.dll
2013-01-07 16:15:22: Original File Name: davsvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time: 20101120072135 20110630232030 20130107161328
2013-01-07 16:15:22: !!!!!!!!!
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: Wecsvc
2013-01-07 16:15:22: Real Path: C:\Windows\system32\wecsvc.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2013-01-07 16:15:22: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2013-01-07 16:15:22: ServiceDLL: system32\wecsvc.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: wecsvc.dll
2013-01-07 16:15:22: Original File Name: wecsvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: !!!!!!!
2013-01-07 16:15:22: Found Service: wercplsupport
2013-01-07 16:15:22: Real Path: C:\Windows\System32\wercplsupport.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2013-01-07 16:15:22: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2013-01-07 16:15:22: ServiceDLL: System32\wercplsupport.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: wercplsupport.dll
2013-01-07 16:15:22: Original File Name: ERC
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: !!!!!!!!!
2013-01-07 16:15:22: !!!!!!!
2013-01-07 16:15:22: Found Service: WerSvc
2013-01-07 16:15:22: Real Path: C:\Windows\System32\WerSvc.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2013-01-07 16:15:22: Description: @%SystemRoot%\System32\wersvc.dll,-101
2013-01-07 16:15:22: ServiceDLL: System32\WerSvc.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: WerSvc.dll
2013-01-07 16:15:22: Original File Name: wersvc
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: !!!!!!!!!
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: Winmgmt
2013-01-07 16:15:22: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2013-01-07 16:15:22: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2013-01-07 16:15:22: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2013-01-07 16:15:22: ServiceDLL: system32\wbem\WMIsvc.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: WMIsvc.dll
2013-01-07 16:15:22: Original File Name: wmisvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: WinRM
2013-01-07 16:15:22: Real Path: C:\Windows\system32\WsmSvc.dll
2013-01-07 16:15:22: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2013-01-07 16:15:22: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2013-01-07 16:15:22: ServiceDLL: system32\WsmSvc.dll
2013-01-07 16:15:22: File size: 1175040
2013-01-07 16:15:22: DLL File name: WsmSvc.dll
2013-01-07 16:15:22: Original File Name: WsmSvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time: 20101120072139 20110630232034 20130107161328
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: Wlansvc
2013-01-07 16:15:22: Real Path: C:\Windows\System32\wlansvc.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2013-01-07 16:15:22: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2013-01-07 16:15:22: ServiceDLL: System32\wlansvc.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: wlansvc.dll
2013-01-07 16:15:22: Original File Name: wlansvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: WPCSvc
2013-01-07 16:15:22: Real Path: C:\Windows\System32\wpcsvc.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2013-01-07 16:15:22: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2013-01-07 16:15:22: ServiceDLL: System32\wpcsvc.dll
2013-01-07 16:15:22: File size: 10752
2013-01-07 16:15:22: DLL File name: wpcsvc.dll
2013-01-07 16:15:22: Original File Name: wpcsvc.exe.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time: 20090713201620 20090713184010 20130107161328
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: WPDBusEnum
2013-01-07 16:15:22: Real Path: C:\Windows\system32\wpdbusenum.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2013-01-07 16:15:22: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2013-01-07 16:15:22: ServiceDLL: system32\wpdbusenum.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: wpdbusenum.dll
2013-01-07 16:15:22: Original File Name: WpdBusEnum.DLL.MUI
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: wscsvc
2013-01-07 16:15:22: Real Path: C:\Windows\System32\wscsvc.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2013-01-07 16:15:22: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2013-01-07 16:15:22: ServiceDLL: System32\wscsvc.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: wscsvc.dll
2013-01-07 16:15:22: Original File Name: wscsvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: wuauserv
2013-01-07 16:15:22: Real Path: C:\Windows\system32\wuaueng.dll
2013-01-07 16:15:22: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2013-01-07 16:15:22: Description: @%systemroot%\system32\wuaueng.dll,-106
2013-01-07 16:15:22: ServiceDLL: system32\wuaueng.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: wuaueng.dll
2013-01-07 16:15:22: Original File Name: wuaueng.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: wudfsvc
2013-01-07 16:15:22: Real Path: C:\Windows\System32\WUDFSvc.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2013-01-07 16:15:22: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2013-01-07 16:15:22: ServiceDLL: System32\WUDFSvc.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: WUDFSvc.dll
2013-01-07 16:15:22: Original File Name: WUDFSvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22: ---------------------------------------------------------------------
2013-01-07 16:15:22: Found Service: WwanSvc
2013-01-07 16:15:22: Real Path: C:\Windows\System32\wwansvc.dll
2013-01-07 16:15:22: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2013-01-07 16:15:22: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2013-01-07 16:15:22: ServiceDLL: System32\wwansvc.dll
2013-01-07 16:15:22: File size: 0
2013-01-07 16:15:22: DLL File name: wwansvc.dll
2013-01-07 16:15:22: Original File Name: WwanSvc.dll.mui
2013-01-07 16:15:22: Company:
2013-01-07 16:15:22: Mod/Cre/Acc time:
2013-01-07 16:15:22:
2013-01-07 16:15:22: Looking for SHELL key
2013-01-07 16:15:22: Now looking for bad DLL files in system32
2013-01-07 16:15:56: Folder: GAC
2013-01-07 16:15:56: Folder: GAC_32
2013-01-07 16:15:56: Folder: GAC_64
2013-01-07 16:15:56: Folder: GAC_MSIL
2013-01-07 16:15:56: Folder: NativeImages_v2.0.50727_32
2013-01-07 16:15:56: Folder: NativeImages_v2.0.50727_64
2013-01-07 16:15:56: Folder: NativeImages_v4.0.30319_32
2013-01-07 16:15:56: Folder: NativeImages_v4.0.30319_64
2013-01-07 16:15:56: Folder: temp
2013-01-07 16:15:56: Folder: tmp
2013-01-07 16:15:56: Checking for bad folder
2013-01-07 16:15:56: Found 1 folders.
2013-01-07 16:15:56: Checking C:\Windows\assembly\tmp
2013-01-07 16:15:56: ... Folder test returns: 1
2013-01-07 16:15:56: Done with folder list in C:\Windows\assembly\ tmp
2013-01-07 16:15:56: Autonomous mode, clearing out yt folder
2013-01-07 16:15:56: cmd.exe /c start "C:\Users\Home\Downloads\yorkyt.exe"
2013-01-07 16:16:04: Restarting...
2013-01-07 16:19:58: ****************************************************
2013-01-07 16:19:58: Starting UP ... v 0.0.0.220
2013-01-07 16:19:58: ****************************************************
2013-01-07 16:20:01: Stop TPSRV returns: 2
2013-01-07 16:20:17: Listing processes...
2013-01-07 16:20:17: :[System Process]:0
2013-01-07 16:20:17: :System:4
2013-01-07 16:20:17: :smss.exe:404
2013-01-07 16:20:17: :csrss.exe:576
2013-01-07 16:20:17: :wininit.exe:664
2013-01-07 16:20:17: :csrss.exe:700
2013-01-07 16:20:17: :services.exe:724
2013-01-07 16:20:17: :lsass.exe:756
2013-01-07 16:20:17: :lsm.exe:764
2013-01-07 16:20:17: :winlogon.exe:816
2013-01-07 16:20:17: :svchost.exe:912
2013-01-07 16:20:17: :svchost.exe:1008
2013-01-07 16:20:17: :atiesrxx.exe:428
2013-01-07 16:20:17: :svchost.exe:580
2013-01-07 16:20:17: :svchost.exe:856
2013-01-07 16:20:17: :svchost.exe:1036
2013-01-07 16:20:17: :audiodg.exe:1104
2013-01-07 16:20:17: :svchost.exe:1200
2013-01-07 16:20:17: :atieclxx.exe:1268
2013-01-07 16:20:17: :svchost.exe:1464
2013-01-07 16:20:17: :AvastSvc.exe:1540
2013-01-07 16:20:17: :spoolsv.exe:1716
2013-01-07 16:20:17: :svchost.exe:1748
2013-01-07 16:20:18: :ADBlockerSrv.exe:1964
2013-01-07 16:20:18: :AppleMobileDeviceService.exe:1988
2013-01-07 16:20:18: :ASDSrv.exe:2044
2013-01-07 16:20:18: :BCUService.exe:1332
2013-01-07 16:20:18: :mDNSResponder.exe:1492
2013-01-07 16:20:18: :CLCapSvc.exe:1580
2013-01-07 16:20:18: :CLMLServer.exe:1800
2013-01-07 16:20:18: :ekrn.exe:116
2013-01-07 16:20:18: :essvr.exe:2140
2013-01-07 16:20:18: :XSrvSetup.exe:2164
2013-01-07 16:20:18: :LVPrcSrv.exe:2184
2013-01-07 16:20:18: :mbamscheduler.exe:2220
2013-01-07 16:20:18: :LVPrS64H.exe:2236
2013-01-07 16:20:18: :mbamservice.exe:2264
2013-01-07 16:20:18: :msiexec.exe:2304
2013-01-07 16:20:18: :PassThruSvr.exe:2440
2013-01-07 16:20:18: :svchost.exe:2496
2013-01-07 16:20:18: :SlingAgentService.exe:2520
2013-01-07 16:20:18: :svchost.exe:2552
2013-01-07 16:20:18: :WLIDSVC.EXE:2584
2013-01-07 16:20:18: :WLIDSVCM.EXE:2700
2013-01-07 16:20:18: :taskhost.exe:2968
2013-01-07 16:20:18: :mbamgui.exe:2992
2013-01-07 16:20:18: :dwm.exe:2104
2013-01-07 16:20:18: :explorer.exe:2596
2013-01-07 16:20:18: :WmiPrvSE.exe:3200
2013-01-07 16:20:18: :CLSched.exe:3436
2013-01-07 16:20:18: :WUDFHost.exe:3756
2013-01-07 16:20:18: :taskeng.exe:3880
2013-01-07 16:20:18: :taskeng.exe:3992
2013-01-07 16:20:18: :rundll32.exe:3428
2013-01-07 16:20:18: :yorkyt.exe:3068
2013-01-07 16:20:18: :RAVCpl64.exe:3840
2013-01-07 16:20:18: :egui.exe:3292
2013-01-07 16:20:18: :sidebar.exe:2076
2013-01-07 16:20:18: :runonce.exe:3308
2013-01-07 16:20:18: :Dropbox.exe:4020
2013-01-07 16:20:18: :BCU.exe:3296
2013-01-07 16:20:18: :CLIStart.exe:2676
2013-01-07 16:20:18: :SearchIndexer.exe:1148
2013-01-07 16:20:18: :MagicDisc.exe:2728
2013-01-07 16:20:18: :MOM.exe:3272
2013-01-07 16:20:18: :nusb3mon.exe:3344
2013-01-07 16:20:18: :svchost.exe:4124
2013-01-07 16:20:18: :CMCService.exe:4144
2013-01-07 16:20:18: :pptd40nt.exe:4216
2013-01-07 16:20:18: :IndexSearch.exe:4284
2013-01-07 16:20:18: :BrMfcWnd.exe:4348
2013-01-07 16:20:18: :LWS.exe:4392
2013-01-07 16:20:18: :BrCtrCen.exe:4464
2013-01-07 16:20:18:
2013-01-07 16:20:18: Starting cleanup mode...
2013-01-07 16:20:33: ... Done with files, now folders
2013-01-07 16:20:54: All DONE

#9 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 January 2013 - 05:22 PM

1.
I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove all but one of those antiviruses.

2.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 kart

  • Topic Starter
  • Members
  • 12 posts

Posted 07 January 2013 - 05:42 PM

Ok, I removed all but Avast! Antivirus; the computer appears to be running as it did before the virus.

Here is the AdwCleaner log:

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 17:33:14
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Home\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\0nbvpi4b.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.41] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.44] : keyword = "isearch.avg.com",
Deleted [l.47] : search_url = "hxxp://isearch.avg.com/search?cid={4F01D6EE-08BC-40A2-AB1A-885853BA675A}&mid=05[...]

*************************

AdwCleaner[R1].txt - [15932 octets] - [05/01/2013 23:46:22]
AdwCleaner[R2].txt - [1413 octets] - [07/01/2013 16:11:45]
AdwCleaner[S2].txt - [16357 octets] - [05/01/2013 23:50:44]
AdwCleaner[S3].txt - [1202 octets] - [07/01/2013 17:33:14]

########## EOF - C:\AdwCleaner[S3].txt - [1262 octets] ##########

#11 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 January 2013 - 05:48 PM

Hello,

Please run FRST again as you did the first time and post me the log.


#12 kart

  • Topic Starter
  • Members
  • 12 posts

Posted 07 January 2013 - 06:04 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 07-01-2013 17:53:45
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [346320 2009-08-04] (DeviceVM, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [CMCService] "C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe" [172032 2007-08-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [346 2013-01-07] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run [167936 2010-06-26] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2903448 2011-06-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-01-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [336952 2012-04-18] (Power Software Ltd)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\Home\...\Run: [Google Update] "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-27] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\Home\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Home\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Services (Whitelisted) ===================

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [110944 2011-11-22] (BlueStack Systems, Inc.)
2 CLCapSvc; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe" [262239 2007-08-02] ()
2 CLSched; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe" [110685 2007-08-02] ()
2 CyberLink Media Library Service; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe" [1073152 2007-08-02] (Cyberlink)
2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()
2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
3 jswpsapi; C:\Program Files (x86)\Belkin\F5D7000v8\jswpsapi.exe [352338 2007-10-29] (Atheros Communications, Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)
2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [x]

==================== Drivers (Whitelisted) =====================

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21544 2010-04-06] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1228160 2007-08-21] (ATI Technologies Inc.)
2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70496 2011-11-22] (BlueStack Systems)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-07 14:33 - 2013-01-07 14:33 - 00001331 ____A C:\AdwCleaner[S3].txt
2013-01-07 14:14 - 2013-01-07 14:17 - 00400436 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2013-01-07 14:07 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-01-07 14:07 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-01-07 14:07 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-01-07 14:07 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-07 14:07 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-01-07 14:07 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-07 14:07 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-07 14:07 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-01-07 14:07 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-01-07 14:07 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-01-07 14:07 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-01-07 14:07 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-01-07 14:07 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-01-07 14:07 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-01-07 14:07 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-01-07 14:07 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-01-07 14:07 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-07 14:07 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-01-07 14:07 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-01-07 14:07 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-01-07 14:07 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-01-07 14:07 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-01-07 14:07 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-01-07 14:07 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-01-07 13:58 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-01-07 13:58 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-01-07 13:58 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-01-07 13:58 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-01-07 13:58 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-01-07 13:58 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-01-07 13:58 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-01-07 13:58 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-01-07 13:58 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-01-07 13:58 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-01-07 13:58 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-01-07 13:58 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-01-07 13:58 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-01-07 13:58 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-01-07 13:58 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-01-07 13:58 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-01-07 13:58 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-01-07 13:58 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-01-07 13:58 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-01-07 13:58 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-01-07 13:58 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-01-07 13:58 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-01-07 13:58 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-01-07 13:58 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-01-07 13:58 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-01-07 13:58 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-01-07 13:58 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-01-07 13:58 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-01-07 13:58 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-01-07 13:58 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-01-07 13:58 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-01-07 13:58 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-01-07 13:57 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-01-07 13:57 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-01-07 13:57 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-01-07 13:57 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-01-07 13:57 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-01-07 13:57 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-01-07 13:56 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-01-07 13:56 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-01-07 13:56 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-01-07 13:56 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-01-07 13:56 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-01-07 13:56 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-01-07 13:54 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-07 13:54 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-07 13:54 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-07 13:54 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-07 13:54 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-07 13:54 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-07 13:54 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-07 13:54 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-07 13:54 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-07 13:54 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-07 13:54 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-07 13:54 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-07 13:54 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-07 13:54 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-07 13:54 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-07 13:52 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-01-07 13:52 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-01-07 13:52 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-01-07 13:52 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-01-07 13:52 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-01-07 13:52 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-01-07 13:52 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-01-07 13:52 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-01-07 13:52 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-01-07 13:52 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-01-07 13:52 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-01-07 13:52 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-01-07 13:52 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-01-07 13:52 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-01-07 13:52 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-07 13:52 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-01-07 13:52 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-01-07 13:52 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-07 13:52 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-01-07 13:52 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-01-07 13:52 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-01-07 13:52 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-01-07 13:52 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-01-07 13:52 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-01-07 13:52 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-01-07 13:52 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-01-07 13:51 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-01-07 13:51 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-01-07 13:51 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-01-07 13:51 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-01-07 13:51 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-01-07 13:51 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-01-07 13:51 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-01-07 13:51 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-01-07 13:51 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-01-07 13:51 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-01-07 13:51 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-01-07 13:51 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-01-07 13:51 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-01-07 13:51 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-01-07 13:51 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-01-07 13:51 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys
2013-01-07 13:51 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-01-07 13:51 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-01-07 13:51 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-01-07 13:51 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-01-07 13:51 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-01-07 13:51 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-01-07 13:51 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-01-07 13:49 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-01-07 13:49 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-01-07 13:49 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-01-07 13:49 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-01-07 13:49 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-01-07 13:49 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-01-07 13:42 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-01-07 13:42 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-07 13:42 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2013-01-07 13:42 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2013-01-07 13:42 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-07 13:15 - 2013-01-07 13:20 - 00079390 ____A C:\Users\Home\Downloads\yorkyt.exe.log
2013-01-07 13:12 - 2013-01-07 13:12 - 01415784 ____A C:\Users\Home\Downloads\yorkyt.exe
2013-01-07 13:11 - 2013-01-07 13:11 - 00001413 ____A C:\AdwCleaner[R2].txt
2013-01-07 13:10 - 2013-01-07 13:10 - 00551997 ____A C:\Users\Home\Downloads\adwcleaner(1).exe
2013-01-07 12:18 - 2013-01-07 12:18 - 00000000 ____D C:\FRST
2013-01-07 09:08 - 2013-01-07 09:08 - 01464235 ____A (Farbar) C:\Users\Home\Downloads\FRST64.exe
2013-01-07 04:47 - 2013-01-07 04:47 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
2013-01-06 23:40 - 2013-01-06 23:40 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-01-06 23:17 - 2013-01-06 23:18 - 68796416 ____A C:\Users\Home\Downloads\eav_nt64_enu.msi
2013-01-06 22:55 - 2013-01-06 23:01 - 00002247 ____A C:\Users\Home\Desktop\ESET finding.txt
2013-01-06 22:48 - 2013-01-06 22:48 - 01378744 ____A (ESET) C:\Users\Home\Downloads\eset_nod32_antivirus_live_installer.exe
2013-01-06 22:45 - 2013-01-06 22:45 - 00003056 ____A C:\Users\Home\Desktop\ESET findings.txt
2013-01-06 22:00 - 2013-01-06 22:00 - 00011857 ____A C:\Users\Home\Desktop\attach.txt
2013-01-06 22:00 - 2013-01-06 21:59 - 00025199 ____A C:\Users\Home\Desktop\dds.txt
2013-01-06 21:47 - 2013-01-06 21:47 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com
2013-01-06 20:25 - 2013-01-06 20:26 - 13485902 ____A C:\Users\Home\Downloads\mbar-1.01.0.1011.zip
2013-01-06 18:58 - 2013-01-06 18:59 - 102315992 ____A C:\Users\Home\Downloads\avast_free_antivirus_setup(1).exe
2013-01-06 14:14 - 2013-01-06 14:15 - 00031712 ____A C:\Users\Home\Downloads\Result.txt
2013-01-06 14:13 - 2013-01-06 14:13 - 00005201 ____A C:\Users\Home\Downloads\FSS.txt
2013-01-06 14:11 - 2013-01-06 14:13 - 00350233 ____A (Farbar) C:\Users\Home\Downloads\FSS.exe
2013-01-06 14:08 - 2013-01-06 14:08 - 00856731 ____A C:\Users\Home\Downloads\SecurityCheck(1).exe
2013-01-06 12:02 - 2013-01-06 12:02 - 00212509 ____A C:\Users\Home\Downloads\rmparite.dos
2013-01-06 12:01 - 2013-01-06 12:02 - 00344064 ____A C:\Users\Home\Downloads\rmparite.nt
2013-01-06 12:01 - 2013-01-06 12:01 - 02774272 ____A C:\Users\Home\Downloads\rmparite.exe
2013-01-06 11:33 - 2013-01-06 11:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\Anvisoft
2013-01-06 11:32 - 2013-01-07 14:24 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-01-06 11:32 - 2013-01-06 11:32 - 00000000 ____D C:\Users\All Users\Anvisoft
2013-01-06 11:31 - 2013-01-06 11:31 - 00981504 ____A C:\Users\Home\Downloads\MicrosoftFixit50778.msi
2013-01-06 11:24 - 2013-01-06 11:25 - 00071398 ____A (jpshortstuff) C:\Users\Home\Downloads\GooredFix(1).exe
2013-01-06 11:23 - 2013-01-06 11:26 - 00002280 ____A C:\Users\Home\Desktop\GooredFix.txt
2013-01-06 11:23 - 2013-01-06 11:26 - 00000000 ____D C:\Users\Home\Desktop\GooredFix Backups
2013-01-06 11:16 - 2013-01-06 11:16 - 29016792 ____A C:\Users\Home\Downloads\asdsetup.exe
2013-01-06 11:08 - 2013-01-06 11:08 - 00071398 ____A (jpshortstuff) C:\Users\Home\Downloads\GooredFix.exe
2013-01-06 10:58 - 2013-01-06 10:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-06 10:52 - 2013-01-06 10:52 - 00000000 ____D C:\JRT
2013-01-06 08:37 - 2013-01-06 08:37 - 00000000 ____D C:\Program Files\CCleaner
2013-01-05 21:48 - 2013-01-05 21:53 - 00000000 ____D C:\Users\Home\Desktop\RK_Quarantine
2013-01-05 21:40 - 2013-01-05 21:42 - 00761856 ____A C:\Users\Home\Downloads\RogueKiller.exe
2013-01-05 21:33 - 2013-01-05 21:34 - 00498427 ____A (Oleg N. Scherbakov) C:\Users\Home\Downloads\JRT.exe
2013-01-05 21:25 - 2013-01-05 21:25 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-01-05 21:24 - 2013-01-05 21:26 - 01805736 ____A (Symantec Corporation) C:\Users\Home\Downloads\FixZeroAccess.exe
2013-01-05 20:54 - 2013-01-05 20:54 - 00000000 ____A C:\autoexec.bat
2013-01-05 20:50 - 2013-01-05 20:50 - 00016357 ____A C:\AdwCleaner[S2].txt
2013-01-05 20:49 - 2013-01-05 20:54 - 00000000 ____D C:\sh4ldr
2013-01-05 20:49 - 2013-01-05 20:49 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-05 20:49 - 2013-01-05 20:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-01-05 20:46 - 2013-01-05 20:46 - 00015932 ____A C:\AdwCleaner[R1].txt
2013-01-05 20:44 - 2013-01-05 20:47 - 04732416 ____A (AVAST Software) C:\Users\Home\Downloads\aswMBR(1).exe
2013-01-05 20:41 - 2013-01-05 20:43 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer.exe
2013-01-05 20:35 - 2013-01-05 20:36 - 00856731 ____A C:\Users\Home\Downloads\SecurityCheck.exe
2013-01-05 20:25 - 2013-01-05 20:25 - 02195061 ____A C:\Users\Home\Downloads\tdsskiller(1).zip
2013-01-05 20:25 - 2012-10-31 18:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Home\Downloads\TDSSKiller.exe
2013-01-05 20:10 - 2013-01-05 20:27 - 00000000 ____D C:\Users\Home\Desktop\mbar
2013-01-05 19:54 - 2013-01-05 21:18 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\SysWOW64\Drivers\TrufosAlt.sys
2012-12-28 21:29 - 2012-12-28 21:30 - 00998128 ____A (Solid State Networks) C:\Users\Home\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-12-24 13:31 - 2012-12-24 13:55 - 410844304 ____A C:\Users\Home\Downloads\MikTouch-0.7-signed.zip
2012-12-24 13:21 - 2012-12-24 13:21 - 00084964 ____A C:\Users\Home\Downloads\google(2).csv
2012-12-24 12:48 - 2012-12-24 12:48 - 00000256 ____A C:\Users\Home\Downloads\Unlock_code.bin
2012-12-23 11:32 - 2012-12-23 11:32 - 20390447 ____A C:\Users\Home\Downloads\MyTouch_4G_Slide_All-In-One_Kit_V2.0.rar
2012-12-23 09:29 - 2012-12-23 09:29 - 00001441 ____A C:\Users\Home\Desktop\ddms - Shortcut.lnk
2012-12-22 14:15 - 2012-12-22 15:21 - 00000000 ____D C:\Users\Home\Desktop\SNPhA Resolutions
2012-12-18 17:14 - 2013-01-07 14:37 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Home.job
2012-12-18 17:13 - 2013-01-07 11:22 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Home.job
2012-12-18 17:13 - 2013-01-07 08:24 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Home.job
2012-12-09 18:39 - 2012-12-18 18:05 - 00000000 ____D C:\Users\Home\Desktop\FDA

==================== One Month Modified Files and Folders =======

2013-01-07 14:49 - 2010-08-21 18:27 - 00000236 ____A C:\service.log
2013-01-07 14:49 - 2010-08-17 15:14 - 02042329 ____A C:\Windows\WindowsUpdate.log
2013-01-07 14:44 - 2009-07-13 20:45 - 00013664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-07 14:44 - 2009-07-13 20:45 - 00013664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-07 14:42 - 2009-07-13 21:13 - 00730532 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-07 14:39 - 2010-08-30 13:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox
2013-01-07 14:38 - 2010-10-29 12:59 - 00118128 ____A C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-07 14:38 - 2010-08-30 13:20 - 00000000 ___RD C:\Users\Home\Documents\My Dropbox
2013-01-07 14:37 - 2012-12-18 17:14 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Home.job
2013-01-07 14:36 - 2010-08-21 18:41 - 00025640 ____A (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-01-07 14:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-07 14:36 - 2009-07-13 20:51 - 00048497 ____A C:\Windows\setupact.log
2013-01-07 14:36 - 2009-07-13 20:45 - 05004552 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-07 14:35 - 2010-10-27 08:52 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-01-07 14:35 - 2010-09-09 17:18 - 00099678 ____A C:\Windows\PFRO.log
2013-01-07 14:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-01-07 14:33 - 2013-01-07 14:33 - 00001331 ____A C:\AdwCleaner[S3].txt
2013-01-07 14:24 - 2013-01-06 11:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\Anvisoft
2013-01-07 14:24 - 2013-01-06 11:32 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-01-07 14:17 - 2013-01-07 14:14 - 00400436 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2013-01-07 14:11 - 2010-10-27 09:00 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2278199951-1427957285-2290571376-1000UA.job
2013-01-07 13:58 - 2010-09-11 16:02 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-07 13:41 - 2011-02-28 19:33 - 00000000 ____D C:\Users\Home\AppData\Local\FLVService
2013-01-07 13:20 - 2013-01-07 13:15 - 00079390 ____A C:\Users\Home\Downloads\yorkyt.exe.log
2013-01-07 13:12 - 2013-01-07 13:12 - 01415784 ____A C:\Users\Home\Downloads\yorkyt.exe
2013-01-07 13:11 - 2013-01-07 13:11 - 00001413 ____A C:\AdwCleaner[R2].txt
2013-01-07 13:10 - 2013-01-07 13:10 - 00551997 ____A C:\Users\Home\Downloads\adwcleaner(1).exe
2013-01-07 12:18 - 2013-01-07 12:18 - 00000000 ____D C:\FRST
2013-01-07 11:22 - 2012-12-18 17:13 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Home.job
2013-01-07 09:08 - 2013-01-07 09:08 - 01464235 ____A (Farbar) C:\Users\Home\Downloads\FRST64.exe
2013-01-07 08:38 - 2010-10-27 09:00 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2278199951-1427957285-2290571376-1000Core.job
2013-01-07 08:31 - 2010-08-28 16:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2013-01-07 08:24 - 2012-12-18 17:13 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Home.job
2013-01-07 04:47 - 2013-01-07 04:47 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
2013-01-06 23:40 - 2013-01-06 23:40 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-01-06 23:18 - 2013-01-06 23:17 - 68796416 ____A C:\Users\Home\Downloads\eav_nt64_enu.msi
2013-01-06 23:01 - 2013-01-06 22:55 - 00002247 ____A C:\Users\Home\Desktop\ESET finding.txt
2013-01-06 22:48 - 2013-01-06 22:48 - 01378744 ____A (ESET) C:\Users\Home\Downloads\eset_nod32_antivirus_live_installer.exe
2013-01-06 22:45 - 2013-01-06 22:45 - 00003056 ____A C:\Users\Home\Desktop\ESET findings.txt
2013-01-06 22:00 - 2013-01-06 22:00 - 00011857 ____A C:\Users\Home\Desktop\attach.txt
2013-01-06 21:59 - 2013-01-06 22:00 - 00025199 ____A C:\Users\Home\Desktop\dds.txt
2013-01-06 21:47 - 2013-01-06 21:47 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com
2013-01-06 21:08 - 2012-06-04 17:57 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-01-06 20:26 - 2013-01-06 20:25 - 13485902 ____A C:\Users\Home\Downloads\mbar-1.01.0.1011.zip
2013-01-06 18:59 - 2013-01-06 18:58 - 102315992 ____A C:\Users\Home\Downloads\avast_free_antivirus_setup(1).exe
2013-01-06 14:15 - 2013-01-06 14:14 - 00031712 ____A C:\Users\Home\Downloads\Result.txt
2013-01-06 14:13 - 2013-01-06 14:13 - 00005201 ____A C:\Users\Home\Downloads\FSS.txt
2013-01-06 14:13 - 2013-01-06 14:11 - 00350233 ____A (Farbar) C:\Users\Home\Downloads\FSS.exe
2013-01-06 14:08 - 2013-01-06 14:08 - 00856731 ____A C:\Users\Home\Downloads\SecurityCheck(1).exe
2013-01-06 12:02 - 2013-01-06 12:02 - 00212509 ____A C:\Users\Home\Downloads\rmparite.dos
2013-01-06 12:02 - 2013-01-06 12:01 - 00344064 ____A C:\Users\Home\Downloads\rmparite.nt
2013-01-06 12:01 - 2013-01-06 12:01 - 02774272 ____A C:\Users\Home\Downloads\rmparite.exe
2013-01-06 11:32 - 2013-01-06 11:32 - 00000000 ____D C:\Users\All Users\Anvisoft
2013-01-06 11:31 - 2013-01-06 11:31 - 00981504 ____A C:\Users\Home\Downloads\MicrosoftFixit50778.msi
2013-01-06 11:26 - 2013-01-06 11:23 - 00002280 ____A C:\Users\Home\Desktop\GooredFix.txt
2013-01-06 11:26 - 2013-01-06 11:23 - 00000000 ____D C:\Users\Home\Desktop\GooredFix Backups
2013-01-06 11:25 - 2013-01-06 11:24 - 00071398 ____A (jpshortstuff) C:\Users\Home\Downloads\GooredFix(1).exe
2013-01-06 11:16 - 2013-01-06 11:16 - 29016792 ____A C:\Users\Home\Downloads\asdsetup.exe
2013-01-06 11:08 - 2013-01-06 11:08 - 00071398 ____A (jpshortstuff) C:\Users\Home\Downloads\GooredFix.exe
2013-01-06 10:58 - 2013-01-06 10:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-06 10:52 - 2013-01-06 10:52 - 00000000 ____D C:\JRT
2013-01-06 08:37 - 2013-01-06 08:37 - 00000000 ____D C:\Program Files\CCleaner
2013-01-06 08:35 - 2012-06-08 13:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-01-05 21:53 - 2013-01-05 21:48 - 00000000 ____D C:\Users\Home\Desktop\RK_Quarantine
2013-01-05 21:42 - 2013-01-05 21:40 - 00761856 ____A C:\Users\Home\Downloads\RogueKiller.exe
2013-01-05 21:34 - 2013-01-05 21:33 - 00498427 ____A (Oleg N. Scherbakov) C:\Users\Home\Downloads\JRT.exe
2013-01-05 21:26 - 2013-01-05 21:24 - 01805736 ____A (Symantec Corporation) C:\Users\Home\Downloads\FixZeroAccess.exe
2013-01-05 21:25 - 2013-01-05 21:25 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-01-05 21:18 - 2013-01-05 19:54 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\SysWOW64\Drivers\TrufosAlt.sys
2013-01-05 20:54 - 2013-01-05 20:54 - 00000000 ____A C:\autoexec.bat
2013-01-05 20:54 - 2013-01-05 20:49 - 00000000 ____D C:\sh4ldr
2013-01-05 20:50 - 2013-01-05 20:50 - 00016357 ____A C:\AdwCleaner[S2].txt
2013-01-05 20:49 - 2013-01-05 20:49 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-05 20:49 - 2013-01-05 20:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-01-05 20:47 - 2013-01-05 20:44 - 04732416 ____A (AVAST Software) C:\Users\Home\Downloads\aswMBR(1).exe
2013-01-05 20:46 - 2013-01-05 20:46 - 00015932 ____A C:\AdwCleaner[R1].txt
2013-01-05 20:43 - 2013-01-05 20:41 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer.exe
2013-01-05 20:36 - 2013-01-05 20:35 - 00856731 ____A C:\Users\Home\Downloads\SecurityCheck.exe
2013-01-05 20:28 - 2012-01-11 11:17 - 00000000 __SHD C:\Users\Home\AppData\Local\{69e6b33b-07d0-3c86-0218-29100579e152}
2013-01-05 20:27 - 2013-01-05 20:10 - 00000000 ____D C:\Users\Home\Desktop\mbar
2013-01-05 20:25 - 2013-01-05 20:25 - 02195061 ____A C:\Users\Home\Downloads\tdsskiller(1).zip
2013-01-05 20:03 - 2012-05-01 19:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-05 19:58 - 2012-05-01 19:52 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-05 12:31 - 2010-08-30 13:20 - 00000976 ____A C:\Users\Home\Desktop\Dropbox.lnk
2013-01-04 18:19 - 2010-09-09 16:43 - 00000426 ____A C:\Windows\BRWMARK.INI
2013-01-04 17:52 - 2011-12-29 22:04 - 00000000 ____D C:\Users\Home\AppData\Roaming\TuneUpMedia
2012-12-28 21:30 - 2012-12-28 21:29 - 00998128 ____A (Solid State Networks) C:\Users\Home\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-12-27 16:07 - 2010-08-28 16:20 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-12-24 13:55 - 2012-12-24 13:31 - 410844304 ____A C:\Users\Home\Downloads\MikTouch-0.7-signed.zip
2012-12-24 13:21 - 2012-12-24 13:21 - 00084964 ____A C:\Users\Home\Downloads\google(2).csv
2012-12-24 12:48 - 2012-12-24 12:48 - 00000256 ____A C:\Users\Home\Downloads\Unlock_code.bin
2012-12-23 11:32 - 2012-12-23 11:32 - 20390447 ____A C:\Users\Home\Downloads\MyTouch_4G_Slide_All-In-One_Kit_V2.0.rar
2012-12-23 10:10 - 2011-12-27 14:45 - 00000000 ____D C:\Users\Home\.android
2012-12-23 09:29 - 2012-12-23 09:29 - 00001441 ____A C:\Users\Home\Desktop\ddms - Shortcut.lnk
2012-12-22 15:21 - 2012-12-22 14:15 - 00000000 ____D C:\Users\Home\Desktop\SNPhA Resolutions
2012-12-18 18:05 - 2012-12-09 18:39 - 00000000 ____D C:\Users\Home\Desktop\FDA
2012-12-17 08:00 - 2012-10-28 18:59 - 00000000 ____D C:\Users\Home\Desktop\Eli Lilly
2012-12-17 07:59 - 2012-11-25 21:38 - 00000000 ____D C:\Users\Home\Desktop\CDC
2012-12-16 09:11 - 2013-01-07 13:57 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2013-01-07 13:57 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2013-01-07 13:57 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2013-01-07 13:57 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-14 13:49 - 2012-05-01 19:52 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-13 19:01 - 2012-05-11 06:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-13 19:01 - 2010-08-26 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-12 10:12 - 2011-04-10 13:56 - 00002444 ____A C:\Users\Home\Desktop\Google Chrome.lnk
2012-12-09 23:03 - 2012-11-20 08:26 - 00000210 ____A C:\Users\Home\Desktop\gifts 2012.txt
2012-12-09 23:02 - 2012-11-04 17:24 - 00000000 ____D C:\Users\Home\Desktop\taxes old
2012-12-09 21:11 - 2012-10-26 13:22 - 00000000 ____D C:\Users\Home\Desktop\P&G
2012-12-09 20:31 - 2012-10-26 14:53 - 00000000 ____D C:\Users\Home\Desktop\other ppls CVs

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3581.55 MB
Available physical RAM: 2969.17 MB
Total Pagefile: 3579.7 MB
Available Pagefile: 2955.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:97.56 GB) (Free:5.57 GB) NTFS
3 Drive e: () (Fixed) (Total:244.14 GB) (Free:112.06 GB) NTFS
4 Drive f: () (Fixed) (Total:589.71 GB) (Free:533.27 GB) NTFS
7 Drive i: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 964 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 97 GB 101 MB
Partition 3 Primary 244 GB 97 GB
Partition 4 Primary 589 GB 341 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 97 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 244 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F NTFS Partition 589 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 960 MB 3868 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 960 MB Healthy

=========================================================

Last Boot: 2013-01-04 12:38

==================== End Of Log =============================

#13 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 09 January 2013 - 08:52 PM

Hello, kart.
Congratulations! You now appear clean! :cool:


  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.



Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.



One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, LimeWire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose Close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those toolbars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:05 PM

Posted 14 January 2013 - 09:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





